Access Control Flaw in Realtek Wi-Fi Kernel Driver
CVE-2026-36355

7.7HIGH

Key Information:

Vendor: Realtek
Status: rtl8192cd Wi-Fi kernel driver
Vendor: CVE Published:; 5 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-36355?

The rtl8192cd Wi-Fi kernel driver within the Realtek rtl819x Jungle SDK is affected by an access control flaw that enables unauthorized access to sensitive memory operations. This vulnerability arises from the lack of access control checks on debug handlers (write_mem and read_mem) which are activated in production builds. This could allow an attacker with local access to potentially gain control over the device or lead to information disclosure.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-36355
Created by totekuh

References

http://realtek.com

https://github.com/totekuh/CVE-2026-36355

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
🟡
Public PoC available
May 4, 2026
👾
Exploit known to exist
May 4, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-36355 Data

JSON