- GIGABYTE Control Center had critical vulnerability CVE‑2026‑4415 in its pairing function
- A flaw allowed remote, unauthenticated attackers to write arbitrary files, execute code, and escalate privileges.
- Fix released in version 25.12.10.01; users are advised to update immediately to secure affected systems
GIGABYTE Control Center, a Windows utility preloaded on some computers, contained a critical severity vulnerability that allowed malicious actors to access files, execute code, and trigger denial of service conditions on affected devices.
The bug has now been resolved and users are advised to fix it without delay.
GIGABYTE is a major hardware manufacturer known for, among other things, PC motherboards. It also built and maintains GIGABYTE Control Center, a utility program for PCs powered by its motherboards. Inside, users can manage and configure different hardware components, such as fans, RGB lights, driver and firmware updates, etc.
Article continues below
“Twinning” is to blame
One of its features, called “pairing,” was causing this issue. Pairing is a feature that allows Control Center to communicate with other devices on a network.
“When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files anywhere on the underlying operating system, leading to arbitrary code execution or privilege escalation,” the National Vulnerability Database explained.
Some sources claim that the attack does not require user interaction or prior authentication, which would make it more dangerous than a regular bug.
This is likely why the bug, now tracked as CVE-2026-4415, received a severity score of 9.2/10 (critical). It was first disclosed by the Taiwan Computer Emergency Response Team (TWCERT/CC), which attributed the discovery to security researcher David Sprüngli.
Versions 25.07.21.01 and earlier are apparently vulnerable, and users are advised to upgrade to version 25.12.10.01 or newer as soon as possible. This release includes fixes for download path handling, message processing, and command encryption, which close the hole. Gigabyte has not yet released a standalone security solution, but users can find the latest version of the software in its standard distribution channels.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
