CVE-2026-8049
CVE-2026-8049

Currently unrated

Key Information:

Vendor: Signalrgb
Status: Signalrgb Kernel Driver
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-8049?

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

Affected Version(s)

SignalRGB kernel driver 0 < 1.3.7.0

References

https://kb.cert.org/vuls/id/380058

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
May 6, 2026

CVE-2026-8049 Data

JSON

Signalrgb

What is CVE-2026-8049?

Affected Version(s)

References

Timeline