CVE-2026-8049
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jun 17, 2026
Vendor
unknown
Description
In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.