Description
A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the '
Security Update for Armoury Crate App ' section on the ASUS Security Advisory for more information.
Published: 2026-06-22
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in ASUS Armoury Crate allows a local administrator to bypass input validation by relying on a permissive list of allowed inputs. This flaw enables arbitrary memory read/write operations or can cause a system crash (BSOD). The weakness is classified as CWE‑183, an out‑of‑bounds read that can lead to data leakage, arbitrary code execution, or denial of service if exploited effectively.

Affected Systems

ASUS Armoury Crate, all versions currently installed on systems where the application is running. The advisory does not specify affected releases, but any installation of the Armoury Crate app that has not been updated from the security advisory is considered vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity of the flaw, with potential for privilege escalation and stability compromise. The EPSS score is not available, so the exploitation probability remains uncertain, but the lack of a public exploit and absence from the KEV catalog suggest a lower but non‑negligible risk. Because the attacker needs local administrator access, the most likely vector is an insider or compromised local user who can run the app and manipulate input values.

Generated by OpenCVE AI on June 22, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official ASUS security update for Armoury Crate as described in the advisory.
  • If a patch is not available, disable or limit local administrator privileges for users who normally have administrative rights to the system.
  • Monitor system stability for unexplained BSODs and memory errors, and investigate any suspicious activity.

Generated by OpenCVE AI on June 22, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.asus.com/security-advisory cve-icon
History

Mon, 22 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Arbitrary Memory Access via Permissive Input Validation in ASUS Armoury Crate

Mon, 22 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Description A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus armoury Crate
Weaknesses CWE-183
CPEs cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus armoury Crate
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Asus Armoury Crate
cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-06-22T02:00:12.252Z

Reserved: 2026-05-19T05:57:37.797Z

Link: CVE-2026-8918

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T04:30:16Z

Weaknesses
  • CWE-183

    Permissive List of Allowed Inputs