Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by FluxInk

    CVE-2026-58583 (GCVE-0-2026-58583)

    Vulnerability from nvd – Published: 2026-07-07 20:33 – Updated: 2026-07-07 20:33
    VLAI
    Title
    FluxInk Color Management Driver local privilege escalation
    Summary
    FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    FluxInk Color Management Driver Affected: 0 , < 1.0.7.6 (custom)
    Unaffected: 1.0.7.6
    Create a notification for this product.
    Date Public
    2026-01-21 00:00
    Credits
    Julian Horoszkiewicz, Atos Threat Research Center
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Color Management Driver",
              "vendor": "FluxInk",
              "versions": [
                {
                  "lessThan": "1.0.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.0.7.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Julian Horoszkiewicz, Atos Threat Research Center"
            }
          ],
          "datePublic": "2026-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2026-58583",
                  "options": [
                    {
                      "Exploitation": "poc"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "total"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2026-07-01T15:52:01.675857Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:33:38.658Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h"
            },
            {
              "name": "url",
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/b3s3da/TcnPeripheral64_PoC"
            },
            {
              "name": "url",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-58583"
            },
            {
              "name": "url",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json"
            }
          ],
          "title": "FluxInk Color Management Driver local privilege escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2026-58583",
        "datePublished": "2026-07-07T20:33:38.658Z",
        "dateReserved": "2026-07-01T15:47:30.055Z",
        "dateUpdated": "2026-07-07T20:33:38.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58583 (GCVE-0-2026-58583)

    Vulnerability from cvelistv5 – Published: 2026-07-07 20:33 – Updated: 2026-07-07 20:33
    VLAI
    Title
    FluxInk Color Management Driver local privilege escalation
    Summary
    FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    FluxInk Color Management Driver Affected: 0 , < 1.0.7.6 (custom)
    Unaffected: 1.0.7.6
    Create a notification for this product.
    Date Public
    2026-01-21 00:00
    Credits
    Julian Horoszkiewicz, Atos Threat Research Center
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Color Management Driver",
              "vendor": "FluxInk",
              "versions": [
                {
                  "lessThan": "1.0.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.0.7.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Julian Horoszkiewicz, Atos Threat Research Center"
            }
          ],
          "datePublic": "2026-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2026-58583",
                  "options": [
                    {
                      "Exploitation": "poc"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "total"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2026-07-01T15:52:01.675857Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:33:38.658Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h"
            },
            {
              "name": "url",
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/b3s3da/TcnPeripheral64_PoC"
            },
            {
              "name": "url",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-58583"
            },
            {
              "name": "url",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json"
            }
          ],
          "title": "FluxInk Color Management Driver local privilege escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2026-58583",
        "datePublished": "2026-07-07T20:33:38.658Z",
        "dateReserved": "2026-07-01T15:47:30.055Z",
        "dateUpdated": "2026-07-07T20:33:38.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }