CVE-2026-24287
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
Analysis
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Windows systems running affected kernel versions and identify which host privileged applications or data; notify relevant system owners and begin monitoring for suspicious privilege escalation attempts. Within 7 days: Implement compensating controls including strict user access reviews, disable unnecessary file system APIs where feasible, and deploy enhanced monitoring on privileged accounts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today