CVE-2026-36355
Published: 05 May 2026
Summary
CVE-2026-36355 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Realtek (inferred from references). Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-36355 is a vulnerability in the rtl8192cd Wi-Fi kernel driver within the Realtek rtl819x Jungle SDK, affecting all known versions through v3.4.14B. The issue arises because the driver lacks access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the unconditionally defined _IOCTL_DEBUG_CMD_ macro in 8192cd_cfg.h. This flaw is rated with a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWEs 200, 782, and 787.
A local attacker can exploit this vulnerability with low complexity, no privileges, and no user interaction required. Exploitation involves issuing the vulnerable ioctls to perform arbitrary memory reads and writes, potentially leading to high confidentiality and integrity impacts, such as exposing sensitive data or modifying critical kernel memory.
Advisories and further details are available from Realtek at http://realtek.com and the GitHub repository https://github.com/totekuh/CVE-2026-36355.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-27325
Vulnerability details
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds…
more
via the unconditionally defined _IOCTL_DEBUG_CMD_ macro in 8192cd_cfg.h
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary kernel memory read/write via unprotected debug ioctls from unprivileged local context directly enables exploitation for privilege escalation (T1068), credential access via kernel memory inspection (T1212), and OS credential dumping (T1003).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-3 mandates enforcement of approved authorizations for access to system resources, directly addressing the absence of access control checks on the vulnerable write_mem and read_mem ioctls in the kernel driver.
AC-6 enforces least privilege, preventing unprivileged local attackers from exploiting the ioctls for arbitrary kernel memory reads and writes.
AC-25 requires a reference monitor to mediate all subject-object accesses, ensuring kernel drivers like rtl8192cd properly enforce access controls on debug handlers.