Skip to main content

HP Fan Control App EUVDEUVD-2026-40368

| CVE-2026-8864 HIGH
Unquoted Search Path or Element (CWE-428)
2026-06-30 hp GHSA-p9w6-48xr-5r6q
7.3
CVSS 4.0 · Vendor: hp
Share

Severity by source

Vendor (hp) PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.0 HIGH

Local low-privileged attacker (AV:L/PR:L); the writable-path/timing precondition maps to AC:H; success yields full SYSTEM control, so C:H/I:H/A:H with unchanged scope.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hp).

CVSS VectorVendor: hp

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 18:01 EUVD
Analysis Generated
Jun 30, 2026 - 17:20 vuln.today

DescriptionCVE.org

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability.

AnalysisAI

Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged local user
Delivery
Plant malicious binary/DLL in writable search path
Exploit
Trigger privileged service start or restart
Execution
Insecure path resolves attacker file
Impact
Code executes as SYSTEM, full host compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold a low-privileged local account on a machine with the vulnerable HP Fan Control App installed (PR:L, AV:L) - there is no remote or network path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderate and internally consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A standard (non-admin) user on a shared HP workstation plants a malicious executable or DLL in a user-writable directory that lies within the privileged Fan Control component's resolution path, then waits for or triggers the service start (reboot, login, or service restart). When the privileged process resolves the unquoted path or insecure search order, it loads and runs the attacker's payload as SYSTEM, yielding full local administrator control. …
Remediation Apply the updated HP Fan Control App that HP has released to mitigate this issue; the exact fixed version is not stated in the provided data, so consult HP advisory HPSBHF04122 at https://support.hp.com/us-en/document/ish_15217742-15217770-16/hpsbhf04122 for the precise patched version and obtain it through HP Support Assistant or the HP software download portal. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Conduct asset inventory to identify all HP endpoints with Fan Control App installed and map local user access levels. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy