Cyber Resilience

CVE-2026-0870

HighLPE

Published: 09 February 2026

Published
09 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0012 2.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0870 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Org (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-0870 is a local privilege escalation vulnerability in MacroHub, a software application developed by GIGABYTE. The issue stems from the MacroHub application launching external applications with improper privileges, which enables exploitation. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-250 (Execution with Unnecessary Privileges). The vulnerability was published on 2026-02-09.

Authenticated local attackers with low privileges can exploit this vulnerability to execute arbitrary code with SYSTEM-level privileges. Exploitation requires local access to the system and does not demand user interaction, making it straightforward for a compromised user account to escalate to full administrative control, potentially leading to complete system compromise including high impacts on confidentiality, integrity, and availability.

Mitigation details are provided in official advisories, including GIGABYTE's security notice at https://www.gigabyte.com/Support/Security/2362 and Taiwan's Computer Emergency Response Team (TWCERT/CC) alerts at https://www.twcert.org.tw/en/cp-139-10702-b40aa-2.html and https://www.twcert.org.tw/tw/cp-132-10701-fc9e0-1.html. Security practitioners should consult these for patch availability, workarounds, or updated versions of MacroHub.

EU & UK References

Vulnerability details

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation vulnerability allowing low-privileged users to execute code as SYSTEM via improper privilege handling on external app launches (CWE-250).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-12673Shared CWE-250
CVE-2025-40942Shared CWE-250
CVE-2025-22890Shared CWE-250
CVE-2024-49814Shared CWE-250
CVE-2025-58383Shared CWE-250
CVE-2026-32673Shared CWE-250
CVE-2026-25908Shared CWE-250
CVE-2024-21924Shared CWE-250
CVE-2026-1680Shared CWE-250
CVE-2025-13506Shared CWE-250

Affected Assets

Org
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-6 enforces least privilege, directly preventing MacroHub from launching external applications with unnecessary SYSTEM privileges as exploited in this CVE.

prevent

CM-7 restricts systems to least functionality necessary, mitigating the improper privileged execution of external applications by MacroHub.

prevent

CM-6 mandates secure configuration settings that can enforce MacroHub to operate without elevated privileges required for exploitation.

References