Permissive Cross-domain Security Policy in ASUS GameSDK
CVE-2026-8919

7.2HIGH

Key Information:

Vendor

Asus

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-8919?

The ASUS GameSDK has a vulnerability that permits a permissive cross-domain security policy, creating an opportunity for remote users to exploit untrusted domains. By enticing a local user to visit a malicious web page, attackers can send crafted requests that access the application’s service endpoints, ultimately allowing them to obtain the NTLM hash of the local user. This could lead to unauthorized access to sensitive information, potential data tampering, service disruption for GameSDK, and exposure of user information across other applications.

Affected Version(s)

GameSDK 0

References

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.