Skip to main content

Microsoft CVE-2026-26176

| EUVDEUVD-2026-22414 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-04-14 microsoft GHSA-9cr5-9f63-xhxx
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:27 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22414
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Client Side Caching driver (csc.sys) allows authenticated users with low privileges to gain SYSTEM-level access via heap-based buffer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). Vendor-released patches are available from Microsoft as of early 2026. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) and no user interaction requirement (

Technical ContextAI

The Windows Client Side Caching driver (csc.sys) is a kernel-mode component responsible for offline file synchronization and caching network resources locally. This vulnerability stems from a heap-based buffer overflow (CWE-122), occurring when the driver improperly validates user-supplied input before copying data into a heap-allocated buffer. Because csc.sys operates in kernel space with SYSTEM privileges, successful exploitation allows an attacker to overflow the buffer with crafted data, overwriting adjacent memory structures to redirect execution flow or corrupt critical kernel objects. The local attack vector (AV:L) requires the attacker to already have authenticated access to the target system with low privileges (PR:L), positioning this as a second-stage attack following initial compromise. The vulnerability affects Windows kernel builds spanning over a decade of releases, from Windows Server 2012 (kernel 6.2) through the latest Windows 11 26H1 and Server 2025 (kernel 10.0.28000/26100), indicating a long-standing weakness in buffer handling logic within the CSC subsystem.

RemediationAI

Apply security updates immediately from Microsoft's January 2026 Patch Tuesday release. Patched versions are Windows 10 1607/Server 2016 build 10.0.14393.9060 or later, Windows 10 1809/Server 2019 build 10.0.17763.8644 or later, Windows 10 21H2 build 10.0.19044.7184 or later, Windows 10 22H2 build 10.0.19045.7184 or later, Windows 11 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 24H2/Server 2025 build 10.0.26100.32690 or later, Windows 11 25H2 build 10.0.26200.8246 or later, Windows 11 26H1 build 10.0.28000.1836 or later, Windows Server 2

Share

CVE-2026-26176 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy