Skip to main content

Armoury Crate

3 CVEs product

Monthly

CVE-2026-8918 HIGH This Week

Local privilege abuse in ASUS Armoury Crate (versions up to and including 6.4.12) allows a local administrator to bypass input validation and perform arbitrary kernel memory read/write or trigger a system crash (BSOD). The flaw is reported by ASUS and tracked as EUVD-2026-38205; no public exploit identified at time of analysis. CVSS 4.0 base score is 7.1 with high attack complexity and high privileges required, reflecting that exploitation needs an existing administrative foothold.

Denial Of Service Armoury Crate
NVD VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-8070 HIGH This Week

Local privilege escalation in ASUS Armoury Crate allows an authenticated low-privileged user to bypass driver validation and gain unauthorized read/write access to physical memory. The flaw stems from incorrect permission assignment (CWE-732) on a critical resource exposed by the application's kernel driver, enabling memory tampering that can be leveraged for full system compromise. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Armoury Crate
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2023-26911 HIGH This Week

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Armoury Crate Setupasusservices
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Local privilege abuse in ASUS Armoury Crate (versions up to and including 6.4.12) allows a local administrator to bypass input validation and perform arbitrary kernel memory read/write or trigger a system crash (BSOD). The flaw is reported by ASUS and tracked as EUVD-2026-38205; no public exploit identified at time of analysis. CVSS 4.0 base score is 7.1 with high attack complexity and high privileges required, reflecting that exploitation needs an existing administrative foothold.

Denial Of Service Armoury Crate
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation in ASUS Armoury Crate allows an authenticated low-privileged user to bypass driver validation and gain unauthorized read/write access to physical memory. The flaw stems from incorrect permission assignment (CWE-732) on a critical resource exposed by the application's kernel driver, enabling memory tampering that can be leveraged for full system compromise. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Armoury Crate
NVD
EPSS 0% CVSS 7.8
HIGH This Week

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Armoury Crate Setupasusservices
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy