
Arbitrary File Write Vulnerability in GIGABYTE Control Center (GCC)

CVE-2026-4415
Mar 30, 2026

GIGABYTE Technology Co., Ltd. acknowledges a recently identified arbitrary file write vulnerability (CVE-2026-4415) in the GIGABYTE Control Center (GCC) software. We are committed to providing secure and reliable products and have actively addressed this issue to protect our customers.

 

Vulnerability Details

CVE Identifier: CVE-2026-4415.

CVSS Score: 8.1 (High).

Vulnerability Type:

CWE-23: Relative Path Traversal (Updated from CWE-20 for technical precision).

Root Cause:

The issue stems from insufficient input validation during file handling within the GCC software.

Attack Scenario:

When the pairing feature is enabled, an unauthenticated remote attacker with network access can write arbitrary files to any location on the underlying operating system.

Potential Impact:

This vulnerability could lead to arbitrary code execution, privilege escalation, or denial of service.

 

Affected Products and Software

Product Name: GIGABYTE Control Center (GCC).

Affected Versions: 25.07.21.01 and earlier versions.

Mitigation Version: 25.12.10.01 or later.
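The version ranges above can be applied to a software inventory export to sort hosts for patching. The following is an added example, not GIGABYTE code: the `host,gcc_version` CSV layout, the hostnames and the status names are assumptions, as is comparing the four dotted fields numerically. Versions that fall between the two stated releases are not covered by the advisory, so they are reported separately and should be upgraded as well.

```python
import csv
import io

LAST_AFFECTED = (25, 7, 21, 1)   # advisory: 25.07.21.01 and earlier are affected
FIRST_FIXED = (25, 12, 10, 1)    # advisory: 25.12.10.01 or later carries the fix


def parse_gcc_version(text):
    """Turn a four-field dotted version into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Map a reported GCC version to a triage status using the advisory's ranges."""
    version = parse_gcc_version(version_text)
    if version is None:
        return "unknown"      # unparseable inventory value: check the host by hand
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unlisted"         # between the two stated versions: not covered, upgrade


def triage(inventory_csv):
    """Return {status: [hosts]} for a 'host,gcc_version' CSV export (assumed layout)."""
    result = {"affected": [], "unlisted": [], "unknown": [], "fixed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["gcc_version"])].append(row["host"])
    return result


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE = """host,gcc_version
ws-001,25.07.21.01
ws-002,25.12.10.01
ws-003,24.11.05.02
ws-004,25.09.15.01
ws-005,26.01.08.01
ws-006,n/a
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```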

 

Resolution and Recommended Actions

GIGABYTE has developed and released a software update to rectify the file handling process and ensure robust security across affected platforms.

 

Update Details: GCC version 25.12.10.01 includes critical fixes for download path management, message processing, and command encryption to effectively mitigate the vulnerability.

Recommended Action: Customers are strongly advised to upgrade to the latest GCC version immediately.

Download Instructions: Please navigate to the Support section of the relevant product page to download the updated software.

 

Acknowledgement

We extend our sincere gratitude to David Sprüngli for discovering and responsibly reporting this vulnerability. His collaboration has been invaluable in developing a swift and effective response.

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*For any further assistance regarding this issue please contact your sales representative, or create a new support ticket at https://esupport.gigabyte.com