Skip to main content

CWE-782

Exposed IOCTL with Insufficient Access Control

34 CVEs Avg CVSS 7.5 MITRE
4
CRITICAL
20
HIGH
8
MEDIUM
2
LOW
15
POC
1
KEV

Monthly

CVE-2026-9492 HIGH This Week

Local privilege escalation in the MBStorage DRAM lighting control module of GIGABYTE's Gigabyte Control Center (GCC) lets an authenticated low-privileged local user reach kernel-level privileges by abusing the bundled MyPortIO_x64.sys driver. The driver exposes IOCTL handlers without adequate access control, permitting arbitrary read and write of physical memory. No public exploit identified at time of analysis; the issue was reported by Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.5 (High).

Information Disclosure Mbstorage
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-57851 HIGH POC This Week

Local privilege escalation in MSI Feature Manager (GameGaraj) stems from its bundled KernCoreLib64.sys kernel driver exposing IOCTL handlers that any logged-on user can reach without administrator rights, granting arbitrary physical memory read/write and unrestricted I/O port access. Any low-privileged user on an affected Windows host can leverage this to manipulate kernel objects, tamper with kernel callbacks, bypass Protected Process Light (PPL), and disable endpoint security. Publicly available exploit code exists (published by VulnCheck), though there is no public exploit identified as being used in active attacks at time of analysis.

Privilege Escalation Kerncorelib64 Sys
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2026-8797 HIGH This Week

Local privilege escalation in NEC's ExpressUpdate Agent for Windows allows a low-privileged user who can already access the host to execute arbitrary code with SYSTEM privileges, owing to insufficient access controls on the agent. Reported by NEC under advisory NV26-004, the flaw carries a CVSS 4.0 base score of 8.5 (High) and maps to CWE-782 (exposed IOCTL with insufficient access control). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft RCE Expressupdate Agent For Windows
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-56129 MEDIUM This Month

Physical memory exposure in the Generic IO & Memory Access Driver for Toshiba and Dynabook PCs allows any locally logged-in user - without administrative privileges - to access physical memory by invoking an insufficiently access-controlled IOCTL interface. Physical memory access of this kind typically enables both reading sensitive in-memory data (credentials, encryption keys, kernel structures) and writing to arbitrary memory addresses, making the effective impact broader than the vendor CVSS C:N rating suggests. No public exploit or CISA KEV listing has been identified at time of analysis; this was disclosed via JPCERT/JVN and a Sharp/Dynabook security advisory.

Information Disclosure Generic Io Memory Access Driver
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-15641 MEDIUM PATCH This Month

Anti-tampering bypass in Netskope Client for Windows (all versions prior to R138) allows a local administrator to send crafted IOCTL requests directly to the NSClient kernel driver, completely neutralizing the product's self-protection mechanisms. The flaw arises from CWE-782 - an IOCTL interface exposed by the driver without sufficient access controls - meaning a privileged insider can issue arbitrary control operations the driver was not designed to accept from untrusted callers. No public exploit has been identified at time of analysis, and exploitation is constrained to actors who already hold administrative privileges on the endpoint, limiting the realistic threat to insider scenarios or post-compromise lateral movement by an attacker who has already achieved admin-level access.

Microsoft Authentication Bypass Netskope Client
NVD VulDB
CVSS 4.0
6.8
EPSS
0.2%
CVE-2026-8501 HIGH This Week

Local privilege escalation in PC Tools Internet Security (Symantec) is possible because the PCTCore64.sys kernel driver exposes its PCTCoreDriver WDM device interface to user-mode processes without adequate access controls, allowing low-privileged users to invoke privileged IOCTL handlers. CERT/CC tracked this as VU#158530 and the affected driver is a candidate for Microsoft's recommended driver block list; no public exploit identified at time of analysis, though the vulnerability class (BYOVD-style abuse) is well understood by attackers.

Microsoft Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-6737 LOW Monitor

AsusPTPFilter driver allows local authenticated users to bypass security mechanisms via crafted IOCTL requests, potentially leaking restricted touchpad information or disabling the touchpad entirely. The vulnerability requires local access and low-level privileges but impacts the integrity and availability of the touchpad subsystem. CVSS 2.0 reflects limited scope (low severity across confidentiality, integrity, availability), but the attack vector is local and requires existing user privileges.

Authentication Bypass Asusptpfilter
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4483 HIGH PATCH This Week

Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.

Microsoft Privilege Escalation
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-27535 MEDIUM This Month

Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]

Denial Of Service Intel Ethernet Controller
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-47761 HIGH This Month

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.

Fortinet Microsoft Authentication Bypass Forticlient Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in the MBStorage DRAM lighting control module of GIGABYTE's Gigabyte Control Center (GCC) lets an authenticated low-privileged local user reach kernel-level privileges by abusing the bundled MyPortIO_x64.sys driver. The driver exposes IOCTL handlers without adequate access control, permitting arbitrary read and write of physical memory. No public exploit identified at time of analysis; the issue was reported by Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.5 (High).

Information Disclosure Mbstorage
NVD VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Local privilege escalation in MSI Feature Manager (GameGaraj) stems from its bundled KernCoreLib64.sys kernel driver exposing IOCTL handlers that any logged-on user can reach without administrator rights, granting arbitrary physical memory read/write and unrestricted I/O port access. Any low-privileged user on an affected Windows host can leverage this to manipulate kernel objects, tamper with kernel callbacks, bypass Protected Process Light (PPL), and disable endpoint security. Publicly available exploit code exists (published by VulnCheck), though there is no public exploit identified as being used in active attacks at time of analysis.

Privilege Escalation Kerncorelib64 Sys
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in NEC's ExpressUpdate Agent for Windows allows a low-privileged user who can already access the host to execute arbitrary code with SYSTEM privileges, owing to insufficient access controls on the agent. Reported by NEC under advisory NV26-004, the flaw carries a CVSS 4.0 base score of 8.5 (High) and maps to CWE-782 (exposed IOCTL with insufficient access control). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft RCE Expressupdate Agent For Windows
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Physical memory exposure in the Generic IO & Memory Access Driver for Toshiba and Dynabook PCs allows any locally logged-in user - without administrative privileges - to access physical memory by invoking an insufficiently access-controlled IOCTL interface. Physical memory access of this kind typically enables both reading sensitive in-memory data (credentials, encryption keys, kernel structures) and writing to arbitrary memory addresses, making the effective impact broader than the vendor CVSS C:N rating suggests. No public exploit or CISA KEV listing has been identified at time of analysis; this was disclosed via JPCERT/JVN and a Sharp/Dynabook security advisory.

Information Disclosure Generic Io Memory Access Driver
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Anti-tampering bypass in Netskope Client for Windows (all versions prior to R138) allows a local administrator to send crafted IOCTL requests directly to the NSClient kernel driver, completely neutralizing the product's self-protection mechanisms. The flaw arises from CWE-782 - an IOCTL interface exposed by the driver without sufficient access controls - meaning a privileged insider can issue arbitrary control operations the driver was not designed to accept from untrusted callers. No public exploit has been identified at time of analysis, and exploitation is constrained to actors who already hold administrative privileges on the endpoint, limiting the realistic threat to insider scenarios or post-compromise lateral movement by an attacker who has already achieved admin-level access.

Microsoft Authentication Bypass Netskope Client
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in PC Tools Internet Security (Symantec) is possible because the PCTCore64.sys kernel driver exposes its PCTCoreDriver WDM device interface to user-mode processes without adequate access controls, allowing low-privileged users to invoke privileged IOCTL handlers. CERT/CC tracked this as VU#158530 and the affected driver is a candidate for Microsoft's recommended driver block list; no public exploit identified at time of analysis, though the vulnerability class (BYOVD-style abuse) is well understood by attackers.

Microsoft Information Disclosure
NVD
EPSS 0% CVSS 2.0
LOW Monitor

AsusPTPFilter driver allows local authenticated users to bypass security mechanisms via crafted IOCTL requests, potentially leaking restricted touchpad information or disabling the touchpad entirely. The vulnerability requires local access and low-level privileges but impacts the integrity and availability of the touchpad subsystem. CVSS 2.0 reflects limited scope (low severity across confidentiality, integrity, availability), but the attack vector is local and requires existing user privileges.

Authentication Bypass Asusptpfilter
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.

Microsoft Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]

Denial Of Service Intel Ethernet Controller
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Month

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.

Fortinet Microsoft Authentication Bypass +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy