CVE-2026-6737
Awaiting Analysis Awaiting Analysis - Queue

Exposed IOCTL with Insufficient Access Control in AsusPTPFilter

Vulnerability report for CVE-2026-6737, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: ASUS

Description

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusableΒ via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision TouchpadΒ ' section on the ASUS Security Advisory for more information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-07-09
AI Q&A
2026-05-08
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
asus precision_touchpad *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-782 The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Exposed IOCTL with Insufficient Access Control in the AsusPTPFilter driver. It allows a local user to bypass the driver's security mechanisms by sending specially crafted IOCTL requests. As a result, the attacker can either obtain restricted information from the touchpad or cause the touchpad to become unusable.

Impact Analysis

The impact of this vulnerability includes unauthorized access to restricted touchpad information and the potential to render the touchpad unusable. This could disrupt normal device functionality and compromise user privacy or device integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6737. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart