Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services. Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.
References
History

Wed, 15 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Description Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services. Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus gamesdk
Weaknesses CWE-942
CPEs cpe:2.3:a:asus:gamesdk:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus gamesdk
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published: 2026-07-15T02:00:46.017Z

Updated: 2026-07-15T12:34:38.596Z

Reserved: 2026-05-19T05:58:10.712Z

Link: CVE-2026-8919

cve-icon Vulnrichment

Updated: 2026-07-15T12:34:24.560Z

cve-icon NVD

No data.

cve-icon Redhat

No data.