Skip to main content

Aura Wallpaper Service CVE-2026-8920

| EUVDEUVD-2026-44586 HIGH
Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
2026-07-15 ASUS GHSA-285c-cc6q-hwff
8.5
CVSS 4.0 · Vendor: ASUS
Share

Severity by source

Vendor (ASUS) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local IPC exploitation by an existing low-priv user gives AV:L/PR:L; the path-bypass makes AC:H; the privileged service acting on attacker files crosses a trust boundary (S:C) with full C/I/A impact.

3.1 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N

Primary rating from Vendor (ASUS).

CVSS VectorVendor: ASUS

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 02:30 vuln.today
CVE Published
Jul 15, 2026 - 02:00 cve.org
HIGH 8.5

DescriptionCVE.org

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.

AnalysisAI

Arbitrary file operations in ASUS Aura Wallpaper Service allow a low-privileged local user to send crafted commands that carry an attacker-controlled file path, bypassing the service's intended path restrictions and abusing its higher-privileged context. Because the service exposes a communication channel that fails to properly restrict callers or validate file names (CWE-923), a local user can read, write, or manipulate files outside the intended scope, with high impact to confidentiality, integrity, and availability; on certain ASUS models exploitation can also render a single feature unavailable. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged local user
Delivery
Connect to Aura Wallpaper Service IPC channel
Exploit
Send crafted command with arbitrary file path
Execution
Bypass service path restrictions
Persist
Service performs privileged file operation
Impact
Read/overwrite protected files, impact system

Vulnerability AssessmentAI

Exploitation Requires local access to a machine running the ASUS Aura Wallpaper Service with an existing low-privilege account (PR:L) and the ability to reach the service's local IPC/command channel - there is no remote vector (AV:L) and no user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderately consistent and point to a real but locally-scoped privilege/manipulation issue rather than a mass-exploitable remote flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user (or malware already running in that user's context) on an ASUS machine connects to the Aura Wallpaper Service's local command channel and issues a crafted command embedding an arbitrary file path that escapes the service's intended directory. The service, running with higher privilege, performs the requested file operation at the attacker-chosen location, letting the attacker read protected data or write/overwrite files to escalate privilege or corrupt state. …
Remediation Apply ASUS's update for the Aura Wallpaper Service as described in the 'Security Update for Aura Wallpaper Service' section of the ASUS Security Advisory (https://www.asus.com/security-advisory/); the input does not include an exact fixed version, so treat patch status as 'Patch available per vendor advisory' and confirm the specific build number against the advisory before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify and inventory all ASUS systems running Aura Wallpaper Service and document the scope of local user access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-8920 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy