CVE-2026-12168
An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SY
CVSS
7.8
High
EPSS
0.1%
p3
KEV
—
Exploit Today
1
0-100
Published: Jul 2, 2026 · Last modified: Jul 2, 2026
0.1%EPSS · 30 days0.1%
2026-07-032026-07-16
An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.
No related CVEs by CWE or product.