Description
MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.
Published: 2026-02-09
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: System Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

MacroHub, a utility from GIGABYTE, contains a local privilege escalation flaw that occurs when the application launches external programs with improper privilege handling. An authenticated user on the same machine can trigger this behavior to run arbitrary code with SYSTEM privileges, effectively gaining full control and the ability to modify or delete any file, install software, or disrupt services.

Affected Systems

All installations of GIGABYTE MacroHub with versions earlier than 2.3.2 are affected. The vulnerability exists in the base application regardless of the operating system version, as the flaw originates from the MacroHub executable itself.

Risk and Exploitability

The vulnerability scores an 8.5 on the CVSS scale, indicating a high severity, while the EPSS score is below 1%, suggesting a low but non-zero exploitation probability at the time of this analysis. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be a local authenticated user; an attacker would need local access to the victim’s machine to manipulate MacroHub or its external application launching behavior. If exploited, the attacker achieves full system privileges, potentially leading to data compromise, ransomware installation, or other destructive actions.

Generated by OpenCVE AI on April 17, 2026 at 21:35 UTC.

Remediation

Vendor Solution

Update to version 2.3.2 or later.

OpenCVE Recommended Actions

  • Update MacroHub to version 2.3.2 or later as advised by GIGABYTE
  • Reconfigure or disable the feature that allows launching external applications from MacroHub if an immediate update is not possible
  • Continuously monitor system processes for unauthorized privilege escalation or unexpected external program execution

Generated by OpenCVE AI on April 17, 2026 at 21:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Gigabyte
Gigabyte macrohub
Vendors & Products Gigabyte
Gigabyte macrohub

Mon, 09 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 06:45:00 +0000

Type Values Removed Values Added
Description MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.
Title GIGABYTE|MacroHub - Local Privilege Escalation
Weaknesses CWE-250
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Gigabyte Macrohub
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-02-09T16:12:24.814Z

Reserved: 2026-01-13T02:39:19.738Z

Link: CVE-2026-0870

cve-icon Vulnrichment

Updated: 2026-02-09T16:12:21.892Z

cve-icon NVD

Status : Deferred

Published: 2026-02-09T07:16:17.697

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0870

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z

Weaknesses