CVE-2026-1880 MEDIUM

CVE-2026-1880

Vendor Asus
Product DriverHub
Weakness CWE-367
Published April 16, 2026
Last update April 16, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

April 16, 2026 CVE published
April 16, 2026 Record updated