CVE Catalog

CVE-2026-12167

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

The vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to access privileged driver functions through a Minifilter communication port that lacks proper access restrictions.

Risk Assessment

A local attacker can exploit this flaw to escalate privileges, gaining unauthorized access to kernel functions, potentially leading to full system compromise.

Recommendation

Immediately update the Little Orbit GFAC driver to the latest patched version and restrict local system access to authorized users only.

Original NVD description (English source)

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS