{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8918", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "state": "PUBLISHED", "assignerShortName": "ASUS", "dateReserved": "2026-05-19T05:57:37.797Z", "datePublished": "2026-06-22T02:00:12.252Z", "dateUpdated": "2026-06-22T02:00:12.252Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2026-06-22T02:00:12.252Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-183", "description": "CWE-183: Permissive List of Allowed Inputs", "type": "CWE"}]}], "affected": [{"vendor": "ASUS", "product": "Armoury Crate", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "6.4.12", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndIncluding": "6.4.12"}]}]}], "descriptions": [{"lang": "en", "value": "A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the '\nSecurity Update for Armoury Crate App\u00a0' section on the ASUS Security Advisory for more information.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.<div>Refer to the '\nSecurity Update for Armoury Crate App&nbsp;' section on the ASUS Security Advisory for more information.</div>"}]}], "references": [{"url": "https://www.asus.com/security-advisory"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "YUAN RUI", "type": "finder"}, {"lang": "en", "value": "number201724@me.com", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{}

{}

{"created": "2026-06-22T04:30:16.878722+00:00", "title": "Arbitrary Memory Access via Permissive Input Validation in ASUS Armoury Crate", "updated": "2026-06-22T04:30:16.878729+00:00", "vendors": []}