CVE-2026-8920
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
15/07/2026
Last modified:
15/07/2026
Description
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable .<br />
Refer to the &#39; Security Update for Aura Wallpaper Service &#39; section on the ASUS Security Advisory for more information.
Impact
Base Score 4.0
8.50
Severity 4.0
HIGH



