Description
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services.
Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.
Published: 2026-07-15
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Wed, 15 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Description Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services. Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus gamesdk
Weaknesses CWE-942
CPEs cpe:2.3:a:asus:gamesdk:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus gamesdk
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-07-15T12:34:38.596Z

Reserved: 2026-05-19T05:58:10.712Z

Link: CVE-2026-8919

cve-icon Vulnrichment

Updated: 2026-07-15T12:34:24.560Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T14:30:15Z

Weaknesses