Improper Communication Channel Restriction in ASUS Aura Wallpaper Service
CVE-2026-8920

8.5HIGH

Key Information:

Vendor

Asus

Vendor
CVE Published:
15 July 2026

What is CVE-2026-8920?

The Aura Wallpaper Service by ASUS is vulnerable due to improper restrictions that permit local users to send crafted commands. This allows the execution of file operations by manipulating an arbitrary file path, thereby bypassing the service's intended path restrictions. Additionally, in certain models, this vulnerability might cause certain features to become unavailable. For more detailed information and security updates regarding this vulnerability, please visit ASUS's official security advisory.

Affected Version(s)

Aura Wallpaper Service v2.1.8.0

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.