CVE-2026-8050
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers do not verify the SystemBuffer pointer before dereferencing it. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.
Risk Assessment
This vulnerability can lead to operating system crashes, affecting the availability of services within the organization. If exploited, it can cause significant disruptions to system operations.
Recommendation
It is recommended to update to SignalRGB version 1.3.7.0 or later to mitigate this vulnerability. Additionally, monitor systems for unauthorized attempts to send IOCTL.
Original NVD description (English source)
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.

