Skip to main content

Microsoft CVE-2026-26169

| EUVDEUVD-2026-22400 MEDIUM
Buffer Over-read (CWE-126)
2026-04-14 microsoft
6.1
CVSS 3.1 · NVD
Temporal: 5.3
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CIRCL (temporal)
5.3 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:42 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22400
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
MEDIUM 6.1

DescriptionCVE.org

Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.

AnalysisAI

Buffer over-read in Windows Kernel Memory allows authenticated local attackers to disclose sensitive kernel information with high confidence. CVE-2026-26169 affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016 through 2025. The vulnerability requires local access and low-level user privileges but does not enable privilege escalation or code execution. Microsoft has released vendor patches addressing the issue across all affected versions.

Technical ContextAI

This vulnerability is rooted in CWE-126 (Buffer Over-read), a memory safety flaw in Windows Kernel Memory where bounds checking on memory read operations is insufficient. An authenticated attacker with local access can trigger an out-of-bounds read that leaks uninitialized or privileged kernel memory contents to user-mode processes. The affected CPE identifiers span Windows 10 consumer editions, Windows 11 across multiple versions, and Windows Server infrastructure deployments (2016, 2019, 2022, 2025), indicating the flaw exists in shared kernel code paths used across the entire Windows product family.

RemediationAI

Apply the vendor-released patch from Microsoft Security Update Guidance for CVE-2026-26169. For Windows 10 Version 1607, update to build 10.0.14393.9060 or later. For Windows 10 Version 1809 and Windows Server 2019, update to build 10.0.17763.8644 or later. For Windows 10 Versions 21H2 and 22H2, update to build 10.0.19044.7184 or later for 21H2 and 10.0.19045.7184 or later for 22H2. For Windows 11 Version 22H3, update to build 10.0.22631.6936 or later. For Windows 11 Version 23H2, update to build 10.0.22631.6936 or later. For Windows 11 Version 24H2 and later, update to build 10.0.26100.32690 or later. For Windows Server 2016, update to build 10.0.14393.9060 or later. For Windows Server 2022, update to build 10.0.20348.5020 or later. For Windows Server 2025, update to build 10.0.26100.32690 or later. Apply patches via Windows Update, WSUS, or manual download from the Microsoft Update Catalog. No workarounds are available; patching is the required remediation. Detailed patch guidance is provided at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26169.

Share

CVE-2026-26169 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy