CVE-2026-8921
HighCVSS 8.5Summary
A vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. The issue stems from external control of file name or path.
Risk Assessment
An attacker with local access can gain full system control with highest privileges, leading to complete compromise of data confidentiality, integrity, and availability.
Recommendation
Immediately apply the security update for ASUS Business Manager as recommended in the ASUS Security Advisory.
Original NVD description (English source)
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information.

