EUVD-2026-23155

| CVE-2026-1880 MEDIUM
2026-04-16 ASUS
Privilege Escalation
5.4
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
patch_available
Apr 16, 2026 - 05:29 EUVD
1.0.6.12
Analysis Generated
Apr 16, 2026 - 04:51 vuln.today

DescriptionNVD

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

AnalysisAI

Privilege escalation in ASUS DriverHub through version 1.0.6.11 allows local authenticated users to modify update validation resources, bypassing security checks to execute arbitrary code with elevated privileges during driver updates. The vulnerability exploits improper file permission assignment in the update process, requiring user interaction to trigger the elevated execution. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-23155 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy