Improper Permission Assignment in Armoury Crate by ASUS
CVE-2026-8070

7.3HIGH

Key Information:

Vendor: Asus
Status: Armoury Crate
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-8070?

An improper permission assignment vulnerability in the Armoury Crate application developed by ASUS enables a local user to bypass necessary validation checks within the driver. This can lead to unauthorized access to critical resources, posing a significant risk of unauthorized read and write operations to physical memory. For more detailed information, refer to the ASUS Security Advisory.

Affected Version(s)

Armoury Crate 0 <= 6.4.12

References

https://www.asus.com/security-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 7, 2026

Credit

jakub buczak

CVE-2026-8070 Data

JSON

Asus

What is CVE-2026-8070?

Affected Version(s)

References

CVSS V4

Timeline

Credit