Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services.
Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.

Project Subscriptions

Vendors Products
Gamesdk Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Wed, 15 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Description Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services. Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus gamesdk
Weaknesses CWE-942
CPEs cpe:2.3:a:asus:gamesdk:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus gamesdk
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-07-15T02:00:46.017Z

Reserved: 2026-05-19T05:58:10.712Z

Link: CVE-2026-8919

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses