Cyber Resilience

CVE-2026-4416

Severity: High

Published: 30 March 2026

Modified: 08 April 2026
KEV Added
Patch
CVSS Score (v4): 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0021 (10.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-4416 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Gigabyte Performance Library. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 10.4th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-4416 is an Insecure Deserialization vulnerability (CWE-502) affecting the Performance Library component of Gigabyte Control Center. Published on 2026-03-30T08:16:18.360, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential from local access.

Authenticated local attackers can exploit the vulnerability by sending a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation. The low attack complexity, the low privileges required, and the absence of any user interaction mean that any compromised low-privileged user account on the system can reach the vulnerable service.

Advisories from TWCERT provide further details on mitigation, available at https://www.twcert.org.tw/en/cp-139-10806-fbc4a-2.html and https://www.twcert.org.tw/tw/cp-132-10805-a53f6-1.html.

Vulnerability details

The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Insecure deserialization in the local EasyTune Engine service directly enables local authenticated attackers to achieve arbitrary code execution and privilege escalation (CVSS AV:L vector).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-26921 (shared CWE-502)
CVE-2025-8875 (shared CWE-502)
CVE-2026-32184 (shared CWE-502)
CVE-2026-4415 (same vendor: Gigabyte)
CVE-2026-32192 (shared CWE-502)
CVE-2026-24159 (shared CWE-502)
CVE-2025-23303 (shared CWE-502)
CVE-2025-66214 (shared CWE-502)
CVE-2026-25166 (shared CWE-502)
CVE-2026-37552 (shared CWE-502)

Affected Assets

Gigabyte Performance Library, versions ≤ 25.12.31.01

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-2 requires timely identification, reporting, and correction of flaws like this insecure deserialization vulnerability through patching.

Prevent: SI-10 mandates validation of information inputs, directly preventing malicious serialized payloads from being deserialized by the EasyTune Engine service.

Prevent: AC-6 enforces least privilege on the service process, limiting the impact of privilege escalation resulting from successful deserialization.
