Arbitrary File Write Vulnerability in Gigabyte Control Center by GIGABYTE
CVE-2026-4415

9.2CRITICAL

Key Information:

Vendor: Gigabyte
Status: Gigabyte Control Center
Vendor: CVE Published:; 30 March 2026

What is CVE-2026-4415?

The Gigabyte Control Center software, designed by GIGABYTE, contains a vulnerability that allows unauthenticated remote attackers to write arbitrary files to any location on the underlying operating system. This risk is most pronounced when the pairing feature is enabled. By exploiting this flaw, attackers can execute arbitrary code or escalate their privileges, potentially compromising system integrity and data security.

Affected Version(s)

Gigabyte Control Center 0 <= 25.07.21.01

References

https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html

third-party-advisory

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-4415 Data

JSON