CVE-2026-0386

HIGH
2026-01-13 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 18:16 nvd
HIGH 7.5

Tags

Windows Windows Server 2019 Windows Server 2022 23h2 Windows Server 2012 Windows Server 2022 Windows Server 2008 Windows Server 2025 Windows Server 2016 Microsoft

Description

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

Analysis

Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +38
POC: 0

Share

CVE-2026-0386 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy