Local Privilege Escalation Vulnerability in MacroHub by GIGABYTE
CVE-2026-0870

8.5HIGH

Key Information:

Vendor

Gigabyte

Status
Macrohub
Vendor
CVE Published:
9 February 2026

What is CVE-2026-0870?

The MacroHub application developed by GIGABYTE is exposed to a local privilege escalation vulnerability. This vulnerability arises from the application's capability to launch external applications with improper privileges, enabling authenticated local attackers to execute arbitrary code with SYSTEM-level access. This exploited vulnerability poses significant risks and can lead to severe security breaches.

Affected Version(s)

MacroHub 0 <= 2.3.1

References

https://www.twcert.org.tw/tw/cp-132-10701-fc9e0-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10702-b40aa-2.html
third-party-advisory
https://www.gigabyte.com/Support/Security/2362
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.