CVE-2026-58583
HIGHFluxInk Color Management Driver local privilege escalation
Title source: cnaDescription
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
url
https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h
Third Party Advisory third-party-advisory
url
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json
Scores
CVSS v3
7.1
EPSS
0.0010
EPSS Percentile
1.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (2)
FluxInk/Color Management Driver
< 1.0.7.6
FluxInk/Color Management Driver
1.0.7.6
Published
Jul 07, 2026
Tracked Since
Jul 08, 2026