Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.