CVE-2026-0870

HighLPE

Published: 09 February 2026

Published

09 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 4.7th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0870 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Org (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

AC-6 enforces least privilege, directly preventing MacroHub from launching external applications with unnecessary SYSTEM privileges as exploited in this CVE.

CM-7 Least Functionality good match

prevent

CM-7 restricts systems to least functionality necessary, mitigating the improper privileged execution of external applications by MacroHub.

CM-6 Configuration Settings good match

prevent

CM-6 mandates secure configuration settings that can enforce MacroHub to operate without elevated privileges required for exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local privilege escalation vulnerability allowing low-privileged users to execute code as SYSTEM via improper privilege handling on external app launches (CWE-250).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.

Deeper analysisAI

CVE-2026-0870 is a local privilege escalation vulnerability in MacroHub, a software application developed by GIGABYTE. The issue stems from the MacroHub application launching external applications with improper privileges, which enables exploitation. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-250 (Execution with Unnecessary Privileges). The vulnerability was published on 2026-02-09.

Authenticated local attackers with low privileges can exploit this vulnerability to execute arbitrary code with SYSTEM-level privileges. Exploitation requires local access to the system and does not demand user interaction, making it straightforward for a compromised user account to escalate to full administrative control, potentially leading to complete system compromise including high impacts on confidentiality, integrity, and availability.

Mitigation details are provided in official advisories, including GIGABYTE's security notice at https://www.gigabyte.com/Support/Security/2362 and Taiwan's Computer Emergency Response Team (TWCERT/CC) alerts at https://www.twcert.org.tw/en/cp-139-10702-b40aa-2.html and https://www.twcert.org.tw/tw/cp-132-10701-fc9e0-1.html. Security practitioners should consult these for patch availability, workarounds, or updated versions of MacroHub.