CVE-2026-8864 | The HP Fan Control App might allow local escalation of privi… | CVSS 7.3 HIGH

Description

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability.

Metadata

CVE ID: CVE-2026-8864
State: PUBLISHED
Assigner: hp
Reserved: 2026-05-18 19:44 UTC
Published: 2026-06-30 16:21 UTC
Last updated: 2026-06-30 16:45 UTC
Primary CWE: CWE-428
CWE-428: Unquoted Search Path or Element
Vendor / Product: HP Inc. / HP Fan Control App
Sources: cve.org · NVD

Severity & Metrics

7.3 HIGH CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
HP Inc.	HP Fan Control App	Windows	0 < 1.0.0.2

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	CWE-428: Unquoted Search Path or Element

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.3	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://support.hp.com/us-en/document/ish_15217742-15217770-16/hpsbhf04122