GHSA-c9xw-w9jw-mq5mMediumCVSS 5.3

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an...

Published
June 18, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

🔗 References (3)