CVE-2026-8049

MEDIUM(5.3)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Risk Signal Score18/100 — NIEDRIG

CVSS 5.3 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.3

Technische Schwere

Beschreibung

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

Referenzen

https://kb.cert.org/vuls/id/380058