Permissive Cross-domain Security Policy in ASUS GameSDK
CVE-2026-8919
7.2HIGH
What is CVE-2026-8919?
The ASUS GameSDK has a vulnerability that permits a permissive cross-domain security policy, creating an opportunity for remote users to exploit untrusted domains. By enticing a local user to visit a malicious web page, attackers can send crafted requests that access the application’s service endpoints, ultimately allowing them to obtain the NTLM hash of the local user. This could lead to unauthorized access to sensitive information, potential data tampering, service disruption for GameSDK, and exposure of user information across other applications.
Affected Version(s)
GameSDK 0