Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Color Management Driver by FluxInk
CVE-2026-58583 (GCVE-0-2026-58583)
Vulnerability from nvd – Published: 2026-07-07 20:33 – Updated: 2026-07-07 20:33
VLAI
EPSS
VEX
Title
FluxInk Color Management Driver local privilege escalation
Summary
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/b3s3da/TcnPeripheral64_PoC/sec… | third-party-advisory |
| https://github.com/b3s3da/TcnPeripheral64_PoC | exploit |
| https://www.cve.org/CVERecord?id=CVE-2026-58583 | vdb-entry |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FluxInk | Color Management Driver |
Affected:
0 , < 1.0.7.6
(custom)
Unaffected: 1.0.7.6 |
Date Public
2026-01-21 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Color Management Driver",
"vendor": "FluxInk",
"versions": [
{
"lessThan": "1.0.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.0.7.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julian Horoszkiewicz, Atos Threat Research Center"
}
],
"datePublic": "2026-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-58583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T15:52:01.675857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T20:33:38.658Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h"
},
{
"name": "url",
"tags": [
"exploit"
],
"url": "https://github.com/b3s3da/TcnPeripheral64_PoC"
},
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58583"
},
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json"
}
],
"title": "FluxInk Color Management Driver local privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-58583",
"datePublished": "2026-07-07T20:33:38.658Z",
"dateReserved": "2026-07-01T15:47:30.055Z",
"dateUpdated": "2026-07-07T20:33:38.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58583 (GCVE-0-2026-58583)
Vulnerability from cvelistv5 – Published: 2026-07-07 20:33 – Updated: 2026-07-07 20:33
VLAI
EPSS
VEX
Title
FluxInk Color Management Driver local privilege escalation
Summary
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/b3s3da/TcnPeripheral64_PoC/sec… | third-party-advisory |
| https://github.com/b3s3da/TcnPeripheral64_PoC | exploit |
| https://www.cve.org/CVERecord?id=CVE-2026-58583 | vdb-entry |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FluxInk | Color Management Driver |
Affected:
0 , < 1.0.7.6
(custom)
Unaffected: 1.0.7.6 |
Date Public
2026-01-21 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Color Management Driver",
"vendor": "FluxInk",
"versions": [
{
"lessThan": "1.0.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.0.7.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julian Horoszkiewicz, Atos Threat Research Center"
}
],
"datePublic": "2026-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-58583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T15:52:01.675857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T20:33:38.658Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h"
},
{
"name": "url",
"tags": [
"exploit"
],
"url": "https://github.com/b3s3da/TcnPeripheral64_PoC"
},
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58583"
},
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json"
}
],
"title": "FluxInk Color Management Driver local privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-58583",
"datePublished": "2026-07-07T20:33:38.658Z",
"dateReserved": "2026-07-01T15:47:30.055Z",
"dateUpdated": "2026-07-07T20:33:38.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}