Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable .
Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.

Project Subscriptions

Vendors Products
Aura Wallpaper Service Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Wed, 15 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Description Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus aura Wallpaper Service
Weaknesses CWE-73
CWE-923
CPEs cpe:2.3:a:asus:aura_wallpaper_service:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus aura Wallpaper Service
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-07-15T13:12:23.878Z

Reserved: 2026-05-19T05:58:49.026Z

Link: CVE-2026-8920

cve-icon Vulnrichment

Updated: 2026-07-15T13:12:17.520Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T13:45:14Z

Weaknesses