Windows Server 2019
CVE-2026-25186
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.
AnalysisAI
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Technical ContextAI
Classified as CWE-200 (Information Exposure). Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.
RemediationAI
Monitor vendor advisories for a patch.
More in Windows Server 2019
View allWindows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users
Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the
Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-p
Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne
Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), thi
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables
Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today