CVE-2026-12166
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
A NULL pointer dereference vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.
Risk Assessment
The risk involves a local attacker being able to perform a DoS attack, potentially disrupting critical systems and causing downtime.
Recommendation
It is recommended to immediately update the `GFAC_Sys_x64.sys` driver to the latest version provided by the vendor and restrict local system access to trusted users only.
Original NVD description (English source)
A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

