Skip to main content

Microsoft CVE-2026-26172

| EUVDEUVD-2026-22406 HIGH
Race Condition (CWE-362)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:27 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22406
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Push Notifications service affects Windows 10 21H2/22H2, Windows 11 22H3-26H1, and Windows Server 2022/2025 via race condition vulnerability. Authenticated low-privilege attackers can gain SYSTEM-level privileges through improper synchronization during concurrent operations (CWE-362). CVSS 7.8 (High) with high attack complexity (AC:H) and scope change (S:C). No public exploit identified at time of analysis. Microsoft released patches in January 2026 security

Technical ContextAI

This vulnerability stems from a race condition (CWE-362) in the Windows Push Notifications (WPN) service, a core Windows component responsible for handling toast notifications, live tiles, and push notification delivery to applications. Race conditions occur when multiple threads or processes access shared resources without proper synchronization primitives (mutexes, semaphores, critical sections). The CVSS vector indicates local access (AV:L) with changed scope (S:C), suggesting the vulnerability allows escaping the security context of the WPN service to impact resources beyond its privilege boundary. The WPN service typically runs with elevated privileges to interact with user sessions and system resources, making it an attractive target for privilege escalation. The high attack complexity (AC:H) suggests exploitation requires precise timing or specific system conditions, characteristic of time-of-check-time-of-use (TOCTOU) vulnerabilities or similar synchronization flaws. Affected products span Windows 10 builds 19044/19045, Windows 11 builds 22631/26100/26200/28000, and Windows Server 2022/2025 (builds 20348/25398/26100), indicating the vulnerable code exists across multiple Windows NT kernel branches.

RemediationAI

Apply Microsoft's January 2026 security updates immediately through Windows Update or WSUS to install patched versions: Windows 10 21H2 to build 10.0.19044.7184 or later, Windows 10 22H2 to build 10.0.19045.7184 or later, Windows 11 22H3/23H2 to build 10.0.22631.6936 or later, Windows 11 24H2 to build 10.0.26100.32690 or later, Windows 11 25H2 to build 10.0.26200.8246 or later, Windows 11 26H1 to build 10.0.28000.1836 or later, Windows Server 2022 to build 10.0.20348.5020 or later, Windows Server 2022 23H2 to build 10.0.25398.2274 or later, and Windows Server 2025 to build 10.0.26100.32690 or later. No workarounds are documented in the Microsoft advisory. Verification can be performed by checking system build number via winver.exe or systeminfo command. For air-gapped or disconnected systems, obtain offline update packages from Microsoft Update Catalog. Detailed patch deployment guidance available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172.

Share

CVE-2026-26172 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy