CVE-2026-58583 (GCVE-0-2026-58583)
Vulnerability from cvelistv5 – Published: 2026-07-07 20:33 – Updated: 2026-07-07 20:33
VLAI
EPSS
VEX
Title
FluxInk Color Management Driver local privilege escalation
Summary
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/b3s3da/TcnPeripheral64_PoC/sec… | third-party-advisory |
| https://github.com/b3s3da/TcnPeripheral64_PoC | exploit |
| https://www.cve.org/CVERecord?id=CVE-2026-58583 | vdb-entry |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FluxInk | Color Management Driver |
Affected:
0 , < 1.0.7.6
(custom)
Unaffected: 1.0.7.6 |
Date Public
2026-01-21 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Color Management Driver",
"vendor": "FluxInk",
"versions": [
{
"lessThan": "1.0.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.0.7.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julian Horoszkiewicz, Atos Threat Research Center"
}
],
"datePublic": "2026-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-58583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T15:52:01.675857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T20:33:38.658Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h"
},
{
"name": "url",
"tags": [
"exploit"
],
"url": "https://github.com/b3s3da/TcnPeripheral64_PoC"
},
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58583"
},
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json"
}
],
"title": "FluxInk Color Management Driver local privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-58583",
"datePublished": "2026-07-07T20:33:38.658Z",
"dateReserved": "2026-07-01T15:47:30.055Z",
"dateUpdated": "2026-07-07T20:33:38.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-58583",
"date": "2026-07-15",
"epss": "0.00101",
"percentile": "0.01106"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-58583\",\"sourceIdentifier\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"published\":\"2026-07-07T21:17:29.163\",\"lastModified\":\"2026-07-08T15:01:22.897\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\\\Device\\\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.\"}],\"affected\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"affectedData\":[{\"vendor\":\"FluxInk\",\"product\":\"Color Management Driver\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.0.7.6\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"1.0.7.6\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"ssvcData\":{\"timestamp\":\"2026-07-01T15:52:01.675857Z\",\"id\":\"CVE-2026-58583\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://github.com/b3s3da/TcnPeripheral64_PoC\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\"},{\"url\":\"https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\"},{\"url\":\"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2026-58583\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…