
Local Privilege Escalation Vulnerability in GIGABYTE MacroHub Utility

CVE-2026-0870
Jan 28, 2026

GIGABYTE Technology Co., Ltd. acknowledges a recently identified local privilege escalation (LPE) vulnerability in the MacroHub utility, version 2.3.0 and likely earlier versions. This flaw stems from improper privilege handling when launching external applications, potentially allowing a local attacker to execute code with elevated privileges and gain control of the affected system. We are committed to providing secure and reliable software, and are actively addressing this issue to protect our customers. The vulnerability has been assessed as High severity.

 

The vulnerability arises from the MacroHub application’s execution with NT AUTHORITY\SYSTEM privileges, coupled with insufficient privilege checks when launching external applications through the user interface. Specifically, the browser launch functionality fails to drop or adjust the elevated SYSTEM token, enabling a standard user to launch a browser with full SYSTEM privileges. This allows an attacker to spawn a SYSTEM-level command prompt and achieve full user-to-SYSTEM privilege escalation without restrictions.
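One way to hunt for the behaviour described above in process-creation telemetry, added here as an example and not GIGABYTE's code. It assumes events exported as dictionaries using Sysmon Event ID 1 field names; the sample events are constructed and the MacroHub path is a placeholder.

```python
import ntpath

SYSTEM_USER = "nt authority\\system"
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Constructed sample events, oldest first (not real telemetry). Field names
# follow Sysmon Event ID 1; the MacroHub path is a placeholder, not a path
# taken from the advisory.
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\PLACEHOLDER\\MacroHub.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\cmd.exe"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g9", "User": "DESKTOP-01\\alice",
     "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"},
    {"ProcessGuid": "g5", "ParentProcessGuid": "g8", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\cmd.exe"},
]


def find_system_browser_chains(events):
    """Flag browsers created as SYSTEM and SYSTEM shells that descend from them."""
    findings = []
    images = {}            # ProcessGuid -> Image, for naming the parent
    tainted = set()        # ProcessGuids of SYSTEM browsers and their children
    for ev in events:
        guid, parent = ev["ProcessGuid"], ev["ParentProcessGuid"]
        images[guid] = ev["Image"]
        if ev["User"].lower() != SYSTEM_USER:
            continue       # a browser under the user's own token is expected
        name = ntpath.basename(ev["Image"]).lower()
        parent_image = images.get(parent, "unknown")
        if name in BROWSERS:
            tainted.add(guid)
            if parent not in tainted:   # report the root browser, not its helpers
                findings.append(("browser_as_system", ev["Image"], parent_image))
        elif parent in tainted:
            tainted.add(guid)           # keep following the SYSTEM process tree
            if name in SHELLS:
                findings.append(("shell_from_system_browser", ev["Image"], parent_image))
    return findings


if __name__ == "__main__":
    for finding in find_system_browser_chains(SAMPLE_EVENTS):
        print(finding)
```

The third field of each finding names the parent image, which identifies the elevated application that launched the browser.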

 

GIGABYTE has released version 2.3.2 of the MacroHub utility, resolving this vulnerability by removing the vulnerable code. Users are strongly encouraged to upgrade to the latest version, available for download from the GIGABYTE support website: https://www.gigabyte.com/Laptop/AERO-14--GTX-1050-Ti/support#support-dl. While the affected product is end-of-life, we are providing this update to mitigate potential risks for users who continue to utilize the utility.

 

We extend our gratitude to Anvith Lobo for responsibly disclosing this vulnerability and for verifying the fix in version 2.3.2.

 

Key Details:

 

*   Vulnerability Type: Local Privilege Escalation (LPE)

*   Affected Version: MacroHub utility version 2.3.0 and likely earlier versions.

*   Cause: Improper privilege handling when launching external applications.

*   Potential Impact: An attacker with local access could escalate their privileges to a high level (such as NT AUTHORITY\SYSTEM on Windows) and execute arbitrary code.

*   CVE ID: CVE-2026-0870

 

Case References:

 

*   https://nvd.nist.gov/vuln/detail/CVE-2018-19320

*   https://nvd.nist.gov/vuln/detail/CVE-2018-19321

*   https://nvd.nist.gov/vuln/detail/CVE-2018-19322

*   https://www.gigabyte.com/Laptop/AERO-14--GTX-1050-Ti/support#support-dl

 

Customers are strongly advised to upgrade to the latest MacroHub utility version.

 

*For any further assistance regarding this issue, please contact your sales representative or create a new support ticket at https://esupport.gigabyte.com.