External Control of File Name or Path Vulnerability in ASUS Business Manager
CVE-2026-8921

8.5HIGH

Key Information:

Vendor

Asus

Vendor
CVE Published:
3 July 2026

What is CVE-2026-8921?

An external control of file name or path vulnerability exists in ASUS Business Manager, enabling local users to exploit it by sending tampered IPC messages. This can lead to arbitrary code execution with SYSTEM privileges, compromising system integrity and security. For detailed information about the security implications and mitigation strategies, refer to the Security Update for ASUS Business Manager on the ASUS Security Advisory page.

Affected Version(s)

ASUS Business Manager 0

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gu YongZeng (@0x0dee)
.