Arbitrary Mem RW via Input Bypass in ASUS Armoury Crate
CVE-2026-8918 Published on June 22, 2026

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory for more information.

NVD

Weakness Type

What is an Allowlist / Allow List Vulnerability?

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

CVE-2026-8918 has been classified to as an Allowlist / Allow List vulnerability or weakness.

Products Associated with CVE-2026-8918

Want to know whenever a new CVE is published for Asus Armoury Crate? stack.watch will email you.

Asus Armoury Crate

Affected Versions

ASUS Armoury Crate:

Before and including 6.4.12 is affected.

Arbitrary Mem RW via Input Bypass in ASUS Armoury CrateCVE-2026-8918 Published on June 22, 2026

Weakness Type

What is an Allowlist / Allow List Vulnerability?

Products Associated with CVE-2026-8918

Affected Versions

Arbitrary Mem RW via Input Bypass in ASUS Armoury Crate
CVE-2026-8918 Published on June 22, 2026