- GIGABYTE Control Center had a critical vulnerability, CVE-2026-4415, in its pairing function
- Flaws allowed unauthorized remote attackers to write arbitrary files, execute code, and escalate privileges
- Patch released in version 25.12.10.01; users are encouraged to update immediately to secure affected systems
GIGABYTE Control Center, a Windows tool that comes preloaded with certain computers, had a critical vulnerability that allowed malicious actors to access files, execute code, and trigger denial-of-service attacks on affected devices.
The bug has now been fixed, and users are advised to update without delay.
GIGABYTE is a major hardware manufacturer known for, among other things, PC motherboards. It also built and maintains GIGABYTE Control Center, a utility for PCs powered by its motherboards. In it, users can manage and configure various hardware components, such as fans, RGB lighting, driver and firmware updates, and more.
“Pairing” is to blame
One of its features, called ‘pairing’, was the cause of this problem. Pairing is a feature that allows the control center to communicate with other devices over a network.
“When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation,” the National Vulnerability Database explained.
Some sources claim that the attack does not require user interaction or prior authorization, which would make it more dangerous than your average, run-of-the-mill bug.
This is likely why the bug, now tracked as CVE-2026-4415, was given a severity score of 9.2/10 (Critical). It was first revealed by Taiwan’s Computer Emergency Response Team (TWCERT/CC), which credited security researcher David Sprüngli with the discovery.
Versions 25.07.21.01 and earlier are apparently vulnerable, and users are advised to upgrade to version 25.12.10.01 or later as soon as possible. This version includes fixes for download path management, message processing, and command encryption that close the gap. GIGABYTE has not yet released a standalone security bulletin, but users can find the latest version of the software through its standard distribution channels.
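For administrators checking a fleet against the version boundaries above, the following is an added example (not code from GIGABYTE, TWCERT/CC or the original article) that triages a software inventory export. The CSV columns `hostname`, `product` and `version`, the hostnames, and the status labels are assumptions; builds between the two stated versions are reported separately because the article gives no status for them.

```python
import csv
import io

# Version boundaries as stated in the article.
LAST_KNOWN_VULNERABLE = "25.07.21.01"
FIRST_FIXED = "25.12.10.01"
PRODUCT = "gigabyte control center"


def parse_version(text):
    """Turn a four-part dotted version into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Map one installed version to a triage status (labels are this example's own)."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    if version <= parse_version(LAST_KNOWN_VULNERABLE):
        return "vulnerable"
    if version >= parse_version(FIRST_FIXED):
        return "fixed"
    # The article names no status for builds between the two boundaries.
    return "unconfirmed"


def triage(inventory_csv):
    """Return {hostname: status} for every row that lists the product."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != PRODUCT:
            continue
        results[row["hostname"]] = classify(row["version"])
    return results


# Constructed sample export; hostnames and column layout are assumptions.
SAMPLE_INVENTORY = """hostname,product,version
ws-001,GIGABYTE Control Center,25.07.21.01
ws-002,GIGABYTE Control Center,25.12.10.01
ws-003,GIGABYTE Control Center,25.09.03.02
ws-004,GIGABYTE Control Center,24.11.5.1
ws-005,GIGABYTE Control Center,unknown
ws-006,7-Zip,24.08
"""

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unconfirmed" or "unparseable" should be scheduled for the update along with the "vulnerable" ones, since only 25.12.10.01 or later is named as fixed.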
Via Bleeping Computer



