Skip to main content

SignalRGB Kernel Driver EUVDEUVD-2026-37803

| CVE-2026-8049 MEDIUM
2026-06-17 certcc GHSA-c9xw-w9jw-mq5m
5.3
CVSS 3.1 · Vendor: certcc
Share

Severity by source

Vendor (certcc) PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
vuln.today AI
5.3 MEDIUM

Local-only attack vector (AV:L), low privilege required (PR:L) for standard user account; limited C/I/A impact reflects IOCTL abuse without confirmed full kernel compromise.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (certcc).

CVSS VectorVendor: certcc

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Jun 18, 2026 - 14:23 vuln.today
CVSS changed
Jun 18, 2026 - 14:22 NVD
5.3 (MEDIUM)
Patch available
Jun 18, 2026 - 02:01 EUVD
CVE Published
Jun 17, 2026 - 21:05 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

AnalysisAI

Overly permissive access control on the SignalRGB kernel driver's device object exposes privileged IOCTL operations to any authenticated local user on Windows systems running versions prior to 1.3.7.0. The root cause is that the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without the FILE_DEVICE_SECURE_OPEN flag, causing Windows to apply insecure default access controls. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local authenticated session
Delivery
Enumerate device objects for \\.\SignalIo
Exploit
Open unrestricted handle to kernel device
Execution
Dispatch privileged IOCTLs
Impact
Read or manipulate kernel driver state

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated local user session on a Windows system with the SignalRGB kernel driver installed at a version prior to 1.3.7.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.3 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L accurately reflects the realistic risk: exploitation is bounded to authenticated local users, requires no special attack complexity, and produces limited-severity impact across confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a standard local user account on a Windows workstation where SignalRGB is installed opens a handle to `\\.\SignalIo` using standard Win32 API calls, which succeeds due to the missing SDDL restrictions. The attacker then dispatches one or more privileged IOCTL codes against the handle, interacting with kernel-mode driver functionality that was intended to be restricted to elevated callers, potentially reading kernel-controlled data or modifying driver state to support further privilege escalation.
Remediation Upgrade SignalRGB to version 1.3.7.0 or later, which is the vendor-confirmed patched release as reported by CERT/CC (https://kb.cert.org/vuls/id/380058). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37803 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy