Description
In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.
Published: 2026-06-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SignalRGB kernel driver fails to assign an explicit SDDL security descriptor and does not enable FILE_DEVICE_SECURE_OPEN when creating the \\.\SignalIo device object. This oversight results in an overly permissive default access control list that allows any authenticated local user to obtain a handle to the device and issue privileged IOCTL commands. Consequently, malicious local users can invoke driver‑specific operations that affect hardware settings or potentially execute privileged code on the kernel level.

Affected Systems

SignalRGB kernel driver versions earlier than 1.3.7.0 on Windows operating systems are impacted. The vulnerability is limited to the driver that manages the \\.\SignalIo device under these platforms.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of widespread exploitation. Nevertheless, the flaw can be leveraged by any local authenticated user with no additional prerequisites. The CVSS score of 5.3 indicates moderate severity; if exploited, the attacker could alter hardware configuration or elevate privileges within the local system. The likely attack vector is local, requiring only access to a machine where the vulnerable driver is installed.

Generated by OpenCVE AI on June 19, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SignalRGB kernel driver to version 1.3.7.0 or later to receive a proper SDDL descriptor and FILE_DEVICE_SECURE_OPEN implementation.
  • If an upgrade is not immediately possible, limit device access by applying an ACL that restricts the \\.\SignalIo device to privileged accounts only.
  • If the functionality provided by SignalRGB is not required, disable or uninstall the kernel driver.

Generated by OpenCVE AI on June 19, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Signalrgb
Signalrgb signalrgb Kernel Driver
Vendors & Products Signalrgb
Signalrgb signalrgb Kernel Driver

Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 19 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.
Title CVE-2026-8049
References

Subscriptions

Signalrgb Signalrgb Kernel Driver
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-18T13:12:38.935Z

Reserved: 2026-05-06T17:40:03.996Z

Link: CVE-2026-8049

cve-icon Vulnrichment

Updated: 2026-06-18T13:12:34.145Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:56:59Z

Weaknesses