EUVD-2026-17071
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.
Analysis
Insecure deserialization in Gigabyte Control Center's Performance Library component allows authenticated local users to escalate privileges to SYSTEM by sending crafted serialized payloads to the EasyTune Engine service. Affecting Gigabyte Performance Library across versions, this CWE-502 flaw enables low-privileged users to gain complete control of the Windows system. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Gigabyte Control Center Performance Library and disable or restrict access to the EasyTune Engine service. Within 7 days: Implement application whitelisting or registry/file ACLs to prevent unprivileged users from invoking the vulnerable serialization component; segment internal networks to limit lateral movement post-exploitation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today