CVE-2026-8049

UNKNOWN 0.0

CVE-2026-8049

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

Vendor	signalrgb
Product	signalrgb kernel driver
Published	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for signalrgb signalrgb kernel driver

Be the first to know when new unknown vulnerabilities affecting signalrgb signalrgb kernel driver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SignalRGB / SignalRGB kernel driver

0 < 1.3.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.cert.org: https://kb.cert.org/vuls/id/380058