Description
In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.
Published: 2026-06-17
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SignalRGB kernel driver creates the \\.\SignalIo device object without an explicit SDDL security descriptor and without enabling FILE_DEVICE_SECURE_OPEN. This oversight constitutes an Improper Access Control weakness (CWE-284), resulting in an overly permissive default access control list that allows any authenticated local user to open a handle to the device and issue privileged IOCTL commands. As a result, attackers can modify hardware settings or elevate privileges without needing a remote connection or elevated credentials.

Affected Systems

SignalRGB kernel driver versions earlier than 1.3.7.0 are impacted. The vulnerability affects the driver that manages the \\.\SignalIo device under Windows operating systems.

Risk and Exploitability

The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of widespread exploitation. Nevertheless, the flaw can be leveraged by any local authenticated user, requiring no additional preconditions beyond local credentials. The lack of FILE_DEVICE_SECURE_OPEN and a missing SDDL means the attack can be performed directly by accessing the device, giving attackers the means to execute privileged operations and potentially compromise system integrity.

Generated by OpenCVE AI on June 18, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SignalRGB kernel driver to version 1.3.7.0 or later, which implements a proper SDDL security descriptor and FILE_DEVICE_SECURE_OPEN.
  • If upgrading is not immediately possible, restrict access to the \\.\SignalIo device by applying an ACL that limits its visibility to privileged accounts only.
  • Disable or uninstall the SignalRGB kernel driver if the functionality it provides is not required by your environment.

Generated by OpenCVE AI on June 18, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://kb.cert.org/vuls/id/380058 cve-icon
History

Thu, 18 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.
Title CVE-2026-8049
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-18T13:12:38.935Z

Reserved: 2026-05-06T17:40:03.996Z

Link: CVE-2026-8049

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T21:30:16Z

Weaknesses