Incorrect Permission Assignment in ASUS System Control Interface
CVE-2026-7480

7.3HIGH

Key Information:

Vendor: Asus
Status: Asus System Control Interface
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-7480?

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows local users to exploit a weakness in the permission structure. Through a specially crafted RPC call, attackers can bypass the validation mechanism, leading to unauthorized privilege escalation to SYSTEM level. This vulnerability poses significant risks, enabling the execution of arbitrary code and jeopardizing system integrity. For more information, refer to the Security Update for ASUS System Control Interface on the ASUS Security Advisory page.

Affected Version(s)

ASUS System Control Interface 64 bit 3.1.59.0 and earlier

ASUS System Control Interface ARM 3.2.60.0 and earlier

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-7480 Data

JSON

Asus

What is CVE-2026-7480?

Affected Version(s)

References

CVSS V4

Timeline