CVE-2026-4416

HIGH

Published:Mar 30, 2026(Today)

Modified:Mar 30, 2026

AI Explanation

The Performance Library component of the Gigabyte Control Center has a vulnerability that allows authenticated local attackers to send malicious payloads, resulting in privilege escalation. This is due to insecure deserialization in the EasyTune Engine service. Attackers can exploit this to gain elevated privileges.

Authenticated local users of the Gigabyte Control Center are at high risk of privilege escalation due to insecure deserialization.

Local AccessLow ComplexityLow PrivilegesNo User Interaction

How to Fix

1Update the Gigabyte Control Center to the latest version, 2. Restrict access to the EasyTune Engine service, 3. Implement secure deserialization practices in the Performance Library component

References

https://www.twcert.org.tw/en/cp-139-10806-fbc4a-2.html
https://www.twcert.org.tw/tw/cp-132-10805-a53f6-1.html

CVSS Score

v3.1

7.8/ 10.0

HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

At a Glance

Affected Products

References

CVSS v3 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-4416

✦ AI Explanation

How to Fix

References

CVSS Score

At a Glance

CVSS v3 Vector

Impact Analysis

AI Explanation