- GIGABYTE Control Center had a critical vulnerability CVE-2026-4415 in its pairing function
- A flaw allowed unauthenticated remote attackers to write arbitrary files, execute code, and escalate privileges
- Patch released in version 25.12.10.01; Users are urged to update immediately to protect affected systems.
GIGABYTE Control Center, a Windows utility that comes preloaded with certain computers, had a critical severity vulnerability that allowed malicious actors to access files, execute code, and trigger denial of service conditions on affected devices.
The error has now been fixed and users are advised to fix it without delay.
GIGABYTE is a major hardware manufacturer known for, among other things, PC motherboards. He also created and maintains GIGABYTE Control Center, a utility program for PCs powered by their motherboards. Inside, users can manage and configure different hardware components, such as fans, RGB lights, driver and firmware updates, and more.
Article continues below.
“Pairing” is to blame
One of its features, called “pairing”, was the main cause of this problem. Pairing is a feature that allows Control Center to communicate with other devices over a network.
“When the peering feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation,” the National Vulnerability Database explained.
Some sources claim that the attack requires no user interaction or prior authentication, which would make it more dangerous than the run-of-the-mill bug.
It’s probably why the bug, now tracked as CVE-2026-4415, received a severity score of 9.2/10 (critical). It was first revealed by the Taiwan Computer Emergency Response Team (TWCERT/CC), who credited security researcher David Sprüngli for the discovery.
Versions 25.07.21.01 and earlier are apparently vulnerable, and users are recommended to update to version 25.12.10.01 or later as soon as possible. This release includes fixes for download path management, message processing, and command encryption, which plug the hole. Gigabyte has not yet released a standalone security bullet, but users can find the latest version of the software in its standard distribution channels.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
