CVE-2026-1880
Incorrect Permission Assignment in ASUS DriverHub Enables Privilege Escalation
Publication date: 2026-04-16
Last updated on: 2026-04-16
Assigner: ASUS
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asus | driverhub | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Permission Assignment for a critical resource in the ASUS DriverHub update process. It allows a local user with limited privileges to modify important execution resources during the validation phase of an update. Because these resources are not properly protected, the altered resource can bypass system checks and be executed with elevated privileges when the user initiates an update.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation, meaning a local user with limited permissions could gain higher-level access on the system. This could allow unauthorized actions or modifications that normally require elevated privileges, potentially compromising system security.