Skip to main content
CVE-2026-55122 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-46627 HIGH PATCH This Week

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenting that the sandbox does not protect against resource exhaustion.

Denial Of Service Twig
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-49165 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50354 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025); Microsoft has shipped a fix. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50465 HIGH PATCH Exploit Unlikely This Week

Local integrity and availability tampering in the Microsoft Windows DNS component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker with low privileges can abuse improper access control to modify DNS data or disrupt the service. Microsoft self-reported the issue and has released a patch. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so exploitation would currently require local access on an already-compromised or shared host.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-59674 HIGH PATCH This Week

Local privilege escalation in the openSUSE Tumbleweed packaging of Suricata allows the unprivileged 'suricata' service account to gain root through a symbolic-link following flaw (CWE-61) in files or directories the package manages with predictable, service-writable paths. Any actor already holding the suricata user context - for example via a compromised or misconfigured IDS/IPS process - can plant a symlink that redirects a root-executed operation to a target of their choosing, yielding full system compromise. The CVSS 4.0 exploit-maturity metric is set to Proof-of-Concept (E:P); there is no evidence of active exploitation in CISA KEV, and no public exploit identified at time of analysis.

Privilege Escalation Suricata Opensuse Tumbleweed
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-5040 HIGH PATCH This Week

Credential disclosure in TP-Link Deco M5 v1 mesh routers stems from a weak (computationally cheap) password-hashing scheme used to store local user credentials, letting an attacker who has already obtained the stored hash recover the plaintext password via offline brute-force or dictionary attacks. Affected devices are the Deco M5 v1 hardware revision, and successful cracking yields access to device management functions scoped to the recovered account's privileges. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 vector (AV:L/AC:H/PR:H) reflects that it is a post-compromise credential-recovery weakness rather than a remote entry point.

TP-Link Authentication Bypass Deco M5 Deco M5 V1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-47999 MEDIUM This Month

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe Adobe Commerce Adobe Commerce B2B Magento Open Source +1
NVD
CVSS 3.1
4.8
EPSS
11.5%
CVE-2026-15641 HIGH PATCH This Week

Authorization bypass in Devolutions Server 2026.2.11 and 2026.1.22 lets an authenticated low-privileged user approve their own pending access request by calling the access request status endpoint directly, bypassing the mandatory approver review. Because access requests gate elevated access to protected resources, this effectively grants unauthorized privileged access (CVSS 7.1). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the issue was disclosed and patched by the vendor.

Authentication Bypass Server
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-55898 HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-50682 HIGH PATCH This Week

Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2026-50451 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Routing and Remote Access Service (RRAS) allows a low-privileged authenticated user to elevate to higher privileges on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw stems from a missing authentication check on a critical RRAS function (CWE-306), letting an already-authorized local attacker invoke privileged functionality without proper authorization. Microsoft has released a patch; there is no public exploit identified at time of analysis.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50428 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure Windows 11 Version 26H1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-49791 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an already-authenticated low-privileged user to abuse a link-following (symlink/junction) flaw to gain higher privileges on the host. The bug affects a broad range of client and server SKUs from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1, and Microsoft has shipped a fix. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-55144 HIGH PATCH This Week

Local tampering in Windows CryptoAPI (Crypt32) on Windows 11 (24H2/25H2/26H1) and Windows Server 2022/2025 stems from a missing cryptographic step, letting an authenticated local attacker undermine the integrity and confidentiality of cryptographically protected data. Microsoft rates it 7.1 (High) with high confidentiality and integrity impact; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. A vendor patch is available through the MSRC update guide.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-55651 HIGH This Week

Broken object-level authorization in Easy!Appointments 1.5.2 lets any authenticated user query the customers search endpoint to harvest the appointment hash tokens of other users and providers. Because these hashes act as the access control for appointment operations, an attacker can then edit or delete appointments they do not own, achieving a full Appointments Takeover across other providers. No public exploit identified at time of analysis; the flaw is fixed in version 1.6.0.

Information Disclosure Easyappointments
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-10671 HIGH PATCH This Week

Kernel object corruption in Zephyr RTOS (v4.1.0 through v4.4.0) lets a deprivileged user thread on CONFIG_USERSPACE builds re-initialize a live k_pipe to which it has been granted access, orphaning threads already blocked on that pipe. Because z_impl_k_pipe_init() unconditionally resets the ring buffer and wait queues without accounting for pended waiters, a subsequent timeout or wake drives sys_dlist_remove() through dangling pointers, producing an attacker-influenced invalid kernel write, list corruption, lost wakeups, and silent data loss. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the fix hardens the k_pipe_init syscall verifier.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-56173 HIGH PATCH This Week

Local privilege elevation in the Windows WebView component affects a broad range of currently-supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). By triggering a use-after-free (CWE-416) memory-corruption condition, an already-authenticated low-privilege attacker can execute code in a higher-privilege context, yielding full confidentiality, integrity, and availability impact on the local system. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50491 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Code Integrity module (ci.dll) lets an already-authenticated low-privileged attacker read out-of-bounds memory (CWE-125) and leverage the resulting condition to gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems back to Server 2012. The CVSS 3.1 score is 7.0 (High) with a local vector and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft self-reported the issue and has released a patch through the MSRC update guide.

Buffer Overflow Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50317 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated, low-privileged attacker win a race condition (CWE-362) over an improperly synchronized shared resource to elevate privileges. Reported by Microsoft itself, the flaw carries a CVSS 7.0 and per SSVC has total technical impact but is not automatable and shows no observed exploitation; no public exploit is identified at time of analysis. EPSS is low at 0.24% (16th percentile), consistent with the high attack complexity of reliably timing the race.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58637 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows Client-Side Caching (CSC) Service, driven by a use-after-free (CWE-416) memory-corruption flaw affecting Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. An authorized attacker who already holds low-level privileges (PR:L) on the host can trigger the freed-object reuse to gain elevated, likely SYSTEM-level, privileges. The issue was reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and no CISA KEV listing.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58629 HIGH PATCH This Week

Local privilege escalation in the Windows DirectX graphics subsystem allows an authenticated attacker with low privileges to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.0 (High), tempered by high attack complexity.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +18
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58619 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Sensor Data Service arises from a use-after-free (CWE-416) memory corruption flaw that an already-authenticated attacker can trigger to run code at higher privilege. It affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and the CVSS:3.1 score is 7.0 (High).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50323 HIGH PATCH This Week

Local privilege escalation in Windows Runtime (WinRT) on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local user to gain higher privileges by exploiting a use-after-free memory-corruption flaw (CWE-416). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the elevated attack complexity (AC:H) indicates exploitation requires winning a race or meeting specific timing/heap conditions.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48571 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 23H2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50325 HIGH PATCH Exploit Likely This Week

Privilege escalation in the Windows Win32K kernel-mode subsystem lets an already-authenticated local user gain SYSTEM-level control across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Rooted in improper access control (CWE-284), successful exploitation yields full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and the CVSS vector's high attack complexity (AC:H) tempers the practical risk.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50297 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated, low-privileged user to elevate to SYSTEM through improper access control (CWE-284). Affected builds span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50296 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Graphics Kernel component allows a low-privileged local user to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases, was reported by Microsoft, and has a vendor-released patch available. No public exploit is identified at time of analysis and it is not listed in CISA KEV; the high attack complexity (AC:H) makes reliable exploitation non-trivial.

Use After Free Memory Corruption Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49162 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50322 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource allows an already-authenticated low-privileged attacker to win a timing window and elevate to higher privileges. Exploitation requires winning a non-deterministic race (AC:H) and low-level access to the target host (PR:L, AV:L), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has published an advisory and released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50321 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows USB driver stack lets an already-authenticated low-privileged user win a race condition (CWE-362) to gain SYSTEM-level control across Windows 10 (1607-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low (0.19%, 9th percentile) and SSVC rates exploitation as none but technical impact as total, indicating high damage potential if a working exploit is developed.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54107 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated low-privileged user to win a race condition and elevate to SYSTEM across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available, it carries CVSS 7.0 but a high attack complexity (AC:H) reflecting the timing-sensitive nature of the flaw. There is no public exploit identified at time of analysis, and EPSS is low (0.19%, 9th percentile), consistent with CISA SSVC rating exploitation as 'none.'

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48572 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 23H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50384 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clip Service (clipboard/cloud clipboard component, cbdhsvc) affects a broad range of Windows 10, Windows 11, and Windows Server 2019-2025 builds, where a race condition in concurrent access to a shared resource lets an already-authenticated local attacker win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a source conflict: the description and CWE describe privilege elevation with high confidentiality/integrity/availability impact, while the intelligence tags label it 'Information Disclosure' - treat the primary impact as local EoP per the CVSS vector.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50356 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows App Store (AppX/package deployment component) allows an authorized, low-privileged user to win a race condition and gain higher privileges on affected Windows client and server builds spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Exploitation requires local access and already-held low privileges, and the high attack complexity reflects the timing precision needed to win the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49803 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows AppX Deployment Service (AppXSvc) lets an already-authenticated, low-privileged user win a race condition to elevate to higher privileges across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). The flaw stems from improper synchronization of a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact on the host. It is reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49806 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (improper synchronization of a shared resource) lets an already-authenticated local user win a timing window to execute code at elevated privilege. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not on CISA KEV. The high CVSS attack complexity (AC:H) reflects that the attacker must reliably win a narrow race, which tempers real-world exploitability.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49802 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local user to win a timing race and elevate to SYSTEM-level privileges. The flaw is a race condition (CWE-362) reported by Microsoft; a vendor patch is available, and there is no public exploit identified at time of analysis. Exploitation is constrained by high attack complexity (winning the race window) but yields full confidentiality, integrity, and availability impact once achieved.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49183 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard Server (Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025) allows an already-authenticated low-privileged user to win a race condition and gain higher privileges on the host. Microsoft credits its own researchers and has shipped a fix; there is no public exploit identified at time of analysis and the CVSS base score is 7.0 (High). The high attack complexity reflects the timing precision needed to exploit the race, which meaningfully limits reliable weaponization.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54112 HIGH PATCH This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated attacker to win a race condition (CWE-362) and elevate to SYSTEM-level privileges across supported Windows 10, Windows 11, and Windows Server 2019-2025 builds. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile). CVSS 7.0 reflects high attack complexity (AC:H) driven by the timing-window nature of the flaw and the requirement for existing low-privilege access (PR:L).

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54111 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated low-privileged user win a timing race in the driver to gain elevated privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (must reliably win a race window) tempers real-world exploitability despite full confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49784 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54684 HIGH PATCH This Week

jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check. When jadx is launched from a directory that is an ancestor of the config directory, the arbitrary write can plant a JAR in plugins/dropins, and the next jadx run loads the JAR with URLClassLoader and ServiceLoader, executing attacker-controlled plugin code. This issue is fixed in version 1.5.6.

Java Path Traversal
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-6851 HIGH PATCH This Week

Local privilege escalation in Bitdefender Total Security and Internet Security for Windows (versions before 27.0.58.315) lets a less-privileged local user gain higher rights by abusing a symbolic-link race condition in the File Shredder module. Because the shredder operates with elevated privileges and does not safely resolve links before acting on files, an attacker who wins a time-of-check/time-of-use race can redirect a privileged file operation to a target of their choosing. No public exploit identified at time of analysis; the issue was reported by the vendor and requires local access plus user interaction, so EPSS-style mass-exploitation risk is limited.

Microsoft Information Disclosure Total Security Internet Security
NVD VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-56187 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows MIDI Service Module affects Windows 11 versions 24H2, 25H2, and 26H1, where a use-after-free (CWE-416) memory corruption lets an already-authorized local user run code with elevated privileges. Microsoft rates it CVSS 7.0 and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is non-trivial due to high attack complexity and requires the attacker to already hold low-level local privileges.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-56183 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows MIDI Service Module affects Windows 11 versions 24H2, 25H2, and 26H1, where a use-after-free (CWE-416) memory-corruption flaw lets an already-authenticated local user elevate to higher privileges. Exploitation requires winning a race condition (high attack complexity), and Microsoft has released a fix; no public exploit identified at time of analysis. Rated CVSS 7.0 with full confidentiality, integrity, and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50359 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft XML Core Services (MSXML) lets a low-privileged, authorized attacker on a Windows host reclaim a freed object (use-after-free, CWE-416) to run code at elevated privilege. It affects a broad Windows footprint spanning Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, including Server Core installations. Microsoft reported the flaw, a patch is available, and there is no public exploit identified at time of analysis; CISA SSVC currently rates exploitation as none.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50674 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows USB Print Driver stems from a use-after-free (CWE-416) memory corruption flaw affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A low-privileged authenticated attacker who can execute code on the host and win a memory-timing race can corrupt kernel memory to gain higher (SYSTEM-level) privileges. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation is not currently observed in the wild.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50672 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows NTFS (New Technology File System) driver lets an already-authenticated low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and elevate to SYSTEM. The flaw affects a broad Windows client and server matrix (Windows 10 1809 through Windows 11 26H1, Windows Server 2019/2022/2025). It has no public exploit identified at time of analysis and is not on CISA KEV, but as a Microsoft-reported, patched NTFS kernel bug it is a routine patch-priority item on standard Patch Tuesday cycles.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50669 HIGH PATCH This Week

Local privilege escalation in the Windows Telephony Service (TAPI) affects a broad range of Microsoft Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. A local, low-privileged attacker who wins a race condition (CWE-362) in the service's handling of a shared resource can corrupt state and elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS was not provided.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
Prev Page 13 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy