CVE-2026-4415CRITICAL 9.8EPSS p46.3%

CVE-2026-4415CVE-2026-4415

Description

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.65% probability of exploitation · percentile 46.3% · 2026-06-18T12:00:27Z
Published2026-03-30
Last modified2026-04-08

Underlying weaknesses· 2

CWE-23CWE-787

References

  1. https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html
  2. https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html

2

TypeTargetConfidenceTier
WeaknessRelative Path Traversalcwe-230%live
WeaknessOut-of-bounds Writecwe-7870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
GIGABYTE Multiple Products Code Execution Vulnerability
CVE
GIGABYTE Multiple Products Privilege Escalation Vulnerability
CVE
GIGABYTE Multiple Products Unspecified Vulnerability
CVE
CVE-2026-36180
CVE
CVE-2026-24088
CVE
CVE-2026-5300
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.