Skip to main content

GameFirst Anti-Cheat EUVDEUVD-2026-41376

| CVE-2026-12167 HIGH
2026-07-02 certcc GHSA-3p7v-279h-hf95
7.8
CVSS 3.1 · Vendor: certcc
Share

Severity by source

Vendor (certcc) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local unprivileged user (AV:L/PR:L) reaches an unrestricted kernel port with no interaction (AC:L/UI:N), gaining privileged driver control for full C/I/A impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (certcc).

CVSS VectorVendor: certcc

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 02, 2026 - 18:23 vuln.today
CVSS changed
Jul 02, 2026 - 18:22 NVD
7.8 (HIGH)
CVE Published
Jul 02, 2026 - 14:35 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The Minifilter communication port for driver GFAC_Sys_x64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions.

AnalysisAI

Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) kernel driver GFAC_Sys_x64.sys allows an unprivileged local user to invoke privileged driver functionality because the minifilter communication port exposes its interface without proper access control. Any local account can send crafted requests through the port to reach kernel-level operations, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local access
Delivery
Detect loaded GFAC_Sys_x64.sys driver
Exploit
Open unrestricted minifilter communication port
Execution
Send crafted messages to privileged handlers
Impact
Invoke kernel functionality / escalate to SYSTEM

Vulnerability AssessmentAI

Exploitation Requires the Little Orbit GFAC anti-cheat to be installed and its driver GFAC_Sys_x64.sys loaded (typically while a protected Little Orbit game is installed/running), and the attacker must already have local code execution as at least a low-privileged user (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) describes a locally exploitable, low-complexity flaw requiring only low privileges (an ordinary logged-in user) with no user interaction and full triple-impact - a classic local elevation-of-privilege profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user (or malware already running in a standard user context) on a machine with GFAC installed opens a handle to the driver's unrestricted minifilter communication port and sends crafted messages to invoke privileged kernel handlers, escalating to SYSTEM-level control. Given AV:L/AC:L/PR:L and a public GitHub repo tied to this CVE cluster, reliable local exploitation is plausible with minimal effort. …
Remediation No fixed version string is present in the provided data, so no vendor-released patch is independently confirmed at time of analysis; consult the CERT/CC advisory at https://kb.cert.org/vuls/id/639124 and the vendor at https://www.littleorbit.com/ for an updated GFAC build superseding the 2025-07-07 version, and upgrade all affected hosts once available. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all systems running GFAC_Sys_x64.sys; disable the driver on non-critical systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41376 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy