CVE-2026-8920

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
15/07/2026
Last modified:
15/07/2026

Description

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable .<br /> Refer to the &amp;#39; Security Update for Aura Wallpaper Service &amp;#39; section on the ASUS Security Advisory for more information.

References to Advisories, Solutions, and Tools