GIGABYTE｜Performance Library - Insecure Deserialization

Description

The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.

Affected Products

Vendor	Product	Versions
gigabyte	performance library	0

References

https://www.twcert.org.tw/tw/cp-132-10805-a53f6-1.html(third-party-advisory)
https://www.twcert.org.tw/en/cp-139-10806-fbc4a-2.html(third-party-advisory)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-4416 | GIGABYTE Control Center prior 25.12.31.01 Performance Library deserialization

→ No new info (linked only)

CVSS 3.17.8 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available25.12.31.01

CWECWE-502

PublishedMar 30, 2026

Last enriched1d agov2

Trending Score21

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, added patch version 25.12.31.01, and corrected exploit availability status.

severitypatchAvailable

via VulDB

v11d ago

Initial creation

GIGABYTE｜Performance Library - Insecure Deserialization

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History