High severity7.8NVD Advisory· Published Mar 30, 2026· Updated Apr 8, 2026

CVE-2026-4416

Description

The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.

Affected products

Gigabyte/Performance Library
cpe:2.3:a:gigabyte:performance_library:*:*:*:*:*:*:*:*
Range: <25.12.31.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/en/cp-139-10806-fbc4a-2.htmlnvdThird Party Advisory
www.twcert.org.tw/tw/cp-132-10805-a53f6-1.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000