Description
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable .
Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.
Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.asus.com/security-advisory/ |
|
History
Wed, 15 Jul 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information. | |
| First Time appeared |
Asus
Asus aura Wallpaper Service |
|
| Weaknesses | CWE-73 CWE-923 |
|
| CPEs | cpe:2.3:a:asus:aura_wallpaper_service:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Asus
Asus aura Wallpaper Service |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: ASUS
Published:
Updated: 2026-07-15T02:00:56.653Z
Reserved: 2026-05-19T05:58:49.026Z
Link: CVE-2026-8920
No data.
No data.
No data.
OpenCVE Enrichment
No data.