CVE-2026-4415
Arbitrary File Write in Gigabyte Control Center Enables Remote Code Execution
Publication date: 2026-03-30
Last updated on: 2026-04-08
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gigabyte | control_center | to 25.12.10.01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4415 is an Arbitrary File Write vulnerability in the Gigabyte Control Center software developed by GIGABYTE. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system.
This means attackers can place malicious files anywhere on the system without needing to log in or interact with the user.
Exploitation of this vulnerability can lead to arbitrary code execution or privilege escalation, allowing attackers to take control of the affected system or gain higher privileges.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized code execution and privilege escalation on your system.
- Attackers can remotely write malicious files to any location on your operating system.
- They can execute arbitrary code, potentially taking full control of your device.
- Attackers may escalate their privileges, gaining higher access rights than intended.
- Confidentiality, integrity, and availability of your system can be severely compromised.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Arbitrary File Write vulnerability in Gigabyte Control Center, you should update the software to version 25.12.10.01 or later.
Additionally, consider disabling the pairing feature if it is not required, as the vulnerability arises when this feature is enabled.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-4415 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.