CVE-2026-6737
Awaiting Analysis Awaiting Analysis - Queue
Exposed IOCTL with Insufficient Access Control in AsusPTPFilter

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: ASUS

Description
An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusableΒ via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision TouchpadΒ ' section on the ASUS Security Advisory for more information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-6737
EUVD
EUVD-2026-28485
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
asus precision_touchpad *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-782 The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Exposed IOCTL with Insufficient Access Control in the AsusPTPFilter driver. It allows a local user to bypass the driver's security mechanisms by sending specially crafted IOCTL requests. As a result, the attacker can either obtain restricted information from the touchpad or cause the touchpad to become unusable.

Impact Analysis

The impact of this vulnerability includes unauthorized access to restricted touchpad information and the potential to render the touchpad unusable. This could disrupt normal device functionality and compromise user privacy or device integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6737. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart