CVE-2026-0870
Local Privilege Escalation in GIGABYTE MacroHub via Improper Privileges
Publication date: 2026-02-09
Last updated on: 2026-02-09
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gigabyte | macrohub | * |
| gigabyte | macrohub | to 2.3.2 (exc) |
| gigabyte | macrohub | From 2.3.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0870 is a Local Privilege Escalation vulnerability in the MacroHub application developed by GIGABYTE. The vulnerability occurs because MacroHub improperly launches external applications with incorrect privileges.
This flaw allows an authenticated local attacker to execute arbitrary code with SYSTEM-level privileges, effectively gaining full control over the affected system.
How can this vulnerability impact me? :
This vulnerability can have a significant impact as it allows a local attacker with limited privileges to escalate their rights to SYSTEM level.
- Execution of arbitrary code with SYSTEM privileges.
- Potential full control over the affected system.
- Compromise of confidentiality, integrity, and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to update MacroHub to version 2.3.2 or later.