CVE-2026-58583
Received Received - Intake

Privilege Escalation in FluxInk Color Management Driver

Vulnerability report for CVE-2026-58583, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lenovo fluxink_color_management_driver to 1.0.7.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the FluxInk Color Management Driver (TcnPeripheral64.sys) version 1.0.7.2. It allows a local standard user to escalate their privileges by exploiting arbitrary physical memory mapping at \Device\PhysicalMemory. Essentially, a user with limited permissions can gain higher-level access on the system through this flaw.

The issue was fixed in version 1.0.7.6 of the driver, which is available in the Windows 11 25H2 Hardware Lab Kit and may also be distributed via Windows Update or directly from Lenovo.

Impact Analysis

This vulnerability can allow a local user with standard privileges to escalate their access rights to a higher privilege level on the affected system. This means an attacker could potentially execute actions or access data that should be restricted, leading to unauthorized system control or data exposure.

Mitigation Strategies

To mitigate this vulnerability, update the FluxInk Color Management Driver (TcnPeripheral64.sys) to version 1.0.7.6 or later.

The fixed driver is available in the Windows 11 25H2 Hardware Lab Kit (HLK) and may also be obtained through Windows Update or directly from Lenovo.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58583. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart