Skip to main content

Microsoft CVE-2026-26163

| EUVDEUVD-2026-22390 HIGH
Double Free (CWE-415)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:26 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22390
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Windows Kernel double free vulnerability enables local privilege escalation across Windows 10, 11, and Server editions when exploited by authenticated users with low-level privileges. The CWE-415 flaw affects all currently supported Windows versions from legacy Windows Server 2012 R2 through the latest Windows 11 26H1 and Windows Server 2025 builds. With CVSS 7.8 (AV:L/AC:L/PR:L), the vulnerability requires only local access and low-privilege authentication, making it valuable for second-stage a

Technical ContextAI

This vulnerability stems from a double free condition (CWE-415) in the Windows Kernel, where memory is deallocated twice, leading to heap corruption. Double free vulnerabilities occur when a program attempts to free the same memory pointer multiple times, typically due to improper reference counting or error handling in kernel memory management routines. In Windows Kernel context, this affects core system memory management across the NT kernel architecture that underpins both client and server Windows versions. The vulnerability impacts kernel-mode components where memory handling errors can compromise the security boundary between user mode and kernel mode. The broad CPE coverage spanning Windows 10 versions 1607 through 22H2, all Windows 11 versions (22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012 R2 through 2025 indicates the flaw exists in shared kernel memory management code maintained across multiple Windows release branches. Memory corruption in kernel space provides attackers the ability to manipulate kernel objects, bypass security checks, and execute arbitrary code with SYSTEM privileges.

RemediationAI

Apply Microsoft's security updates immediately through Windows Update or WSUS to upgrade to patched builds. For Windows 10 systems, update to builds 10.0.14393.9060 (1607), 10.0.17763.8644 (1809), 10.0.19044.7184 (21H2), or 10.0.19045.7184 (22H2). Windows 11 users should update to builds 10.0.22631.6936 (22H3/23H2), 10.0.26100.32690 (24H2), 10.0.26200.8246 (25H2), or 10.0.28000.1836 (26H1). Server administrators must patch to builds 6.3.9600.23132 (Server 2012 R2), 10.0.14393.9060 (Server 2016), 10.0.17763.8644 (Server 2019), 10.0.20348.5020 (Server 2022), 10.0.25398.2274 (Server 2022 23H2), or 10.0.26100.32690 (Server 2025). Prioritize patching for domain controllers, internet-facing systems, and servers accessible to lower-privileged users. No effective workarounds exist for kernel vulnerabilities; patching is the only reliable remediation. Full patch details available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26163.

Share

CVE-2026-26163 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy