Skip to main content

Gamesdk

1 CVEs product

Monthly

CVE-2026-8919 HIGH This Week

Credential theft in ASUS GameSDK allows a remote attacker to capture a local user's NTLM hash by luring them to a crafted web page that abuses a permissive cross-domain policy to send a UNC-path request to GameSDK's local service endpoint. The flaw affects systems running the ASUS GameSDK local service (bundled with ASUS gaming utilities) and requires the victim to visit an attacker-controlled page (UI required); no authentication is needed. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the leaked NTLM material can be relayed or cracked to reach other services.

Cors Misconfiguration Information Disclosure Gamesdk
NVD
CVSS 4.0
7.2
EPSS
0.3%
EPSS 0% CVSS 7.2
HIGH This Week

Credential theft in ASUS GameSDK allows a remote attacker to capture a local user's NTLM hash by luring them to a crafted web page that abuses a permissive cross-domain policy to send a UNC-path request to GameSDK's local service endpoint. The flaw affects systems running the ASUS GameSDK local service (bundled with ASUS gaming utilities) and requires the victim to visit an attacker-controlled page (UI required); no authentication is needed. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the leaked NTLM material can be relayed or cracked to reach other services.

Cors Misconfiguration Information Disclosure Gamesdk
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy