CVE-2026-4415
Received Received - Intake
Arbitrary File Write in Gigabyte Control Center Enables Remote Code Execution

Publication date: 2026-03-30

Last updated on: 2026-04-08

Assigner: TWCERT/CC

Description
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2026-03-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4415
EUVD
EUVD-2026-17069
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gigabyte control_center to 25.12.10.01 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4415 is an Arbitrary File Write vulnerability in the Gigabyte Control Center software developed by GIGABYTE. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system.

This means attackers can place malicious files anywhere on the system without needing to log in or interact with the user.

Exploitation of this vulnerability can lead to arbitrary code execution or privilege escalation, allowing attackers to take control of the affected system or gain higher privileges.

Impact Analysis

This vulnerability can have severe impacts including unauthorized code execution and privilege escalation on your system.

  • Attackers can remotely write malicious files to any location on your operating system.
  • They can execute arbitrary code, potentially taking full control of your device.
  • Attackers may escalate their privileges, gaining higher access rights than intended.
  • Confidentiality, integrity, and availability of your system can be severely compromised.
Mitigation Strategies

To mitigate the Arbitrary File Write vulnerability in Gigabyte Control Center, you should update the software to version 25.12.10.01 or later.

Additionally, consider disabling the pairing feature if it is not required, as the vulnerability arises when this feature is enabled.

Compliance Impact

The provided information does not specify how the CVE-2026-4415 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4415. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart