Improper Validation Vulnerability in Little Orbit GFAC Driver
CVE-2026-12168
Currently unrated
What is CVE-2026-12168?
The GFAC_Sys_x64.sys driver in Little Orbit's GFAC product suffers from an improper validation vulnerability. This flaw allows local attackers to escalate their privileges to SYSTEM level, enabling the execution of arbitrary code in kernel mode. The exploitation involves sending specially crafted messages through a Minifilter communication port, posing a significant threat to system integrity and security. It is crucial for users and administrators to apply appropriate patches and mitigations to safeguard against potential exploits.
Affected Version(s)
GameFirst Anti-Cheat 0 <= 2025-07-07
