Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable .
Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.asus.com/security-advisory/ |
|
History
Wed, 15 Jul 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information. | |
| First Time appeared |
Asus
Asus aura Wallpaper Service |
|
| Weaknesses | CWE-73 CWE-923 |
|
| CPEs | cpe:2.3:a:asus:aura_wallpaper_service:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Asus
Asus aura Wallpaper Service |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: ASUS
Published:
Updated: 2026-07-15T02:00:56.653Z
Reserved: 2026-05-19T05:58:49.026Z
Link: CVE-2026-8920
No data.
No data.
No data.
OpenCVE Enrichment
No data.