CVE-2026-1880

MEDIUM

Asus DriverHub < 1.0.6.12 - Privilege Escalation

Title source: rule

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Exploits (1)

nomisec WORKING POC

by seokjohn · poc

https://github.com/seokjohn/CVE-2026-1880

View Code ZIP pw:eip

References (1)

https://www.asus.com/security-advisory

Scores

CVSS v4 5.4

EPSS 0.0001

EPSS Percentile 0.3%

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-367

Status published

Products (1)

ASUS/DriverHub < 1.0.6.12

Published Apr 16, 2026

Tracked Since Apr 16, 2026