Local Privilege Escalation Vulnerability in FluxInk Color Management Driver by Lenovo
CVE-2026-58583
Key Information:
- Vendor
Fluxink
- Status
- Vendor
- CVE Published:
- 7 July 2026
Badges
What is CVE-2026-58583?
The FluxInk Color Management Driver (TcnPeripheral64.sys) version 1.0.7.2 contains a security flaw that allows a standard user account to escalate privileges by mapping arbitrary physical memory. This vulnerability poses a significant risk, enabling unauthorized users to gain elevated access and potentially compromise system security. A fix has been implemented in version 1.0.7.6, which is available in the Windows 11 25H2 Hardware Lab Kit. Users are encouraged to update through Windows Update or get the fixed driver directly from Lenovo.
Affected Version(s)
Color Management Driver 0 < 1.0.7.6
Color Management Driver 1.0.7.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
