CVE-2026-8049 | In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo dev…

Description

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

Metadata

CVE ID: CVE-2026-8049
State: PUBLISHED
Assigner: certcc
Reserved: 2026-05-06 17:40 UTC
Published: 2026-06-17 21:05 UTC
Last updated: 2026-06-17 21:05 UTC
Vendor / Product: SignalRGB / SignalRGB kernel driver
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
SignalRGB	SignalRGB kernel driver	—	0 < 1.3.7.0

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-284

References (1)

https://kb.cert.org/vuls/id/380058