Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows Client Side Caching driver (csc.sys) allows authenticated users with low privileges to gain SYSTEM-level access via heap-based buffer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). Vendor-released patches are available from Microsoft as of early 2026. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) and no user interaction requirement (
Technical ContextAI
The Windows Client Side Caching driver (csc.sys) is a kernel-mode component responsible for offline file synchronization and caching network resources locally. This vulnerability stems from a heap-based buffer overflow (CWE-122), occurring when the driver improperly validates user-supplied input before copying data into a heap-allocated buffer. Because csc.sys operates in kernel space with SYSTEM privileges, successful exploitation allows an attacker to overflow the buffer with crafted data, overwriting adjacent memory structures to redirect execution flow or corrupt critical kernel objects. The local attack vector (AV:L) requires the attacker to already have authenticated access to the target system with low privileges (PR:L), positioning this as a second-stage attack following initial compromise. The vulnerability affects Windows kernel builds spanning over a decade of releases, from Windows Server 2012 (kernel 6.2) through the latest Windows 11 26H1 and Server 2025 (kernel 10.0.28000/26100), indicating a long-standing weakness in buffer handling logic within the CSC subsystem.
RemediationAI
Apply security updates immediately from Microsoft's January 2026 Patch Tuesday release. Patched versions are Windows 10 1607/Server 2016 build 10.0.14393.9060 or later, Windows 10 1809/Server 2019 build 10.0.17763.8644 or later, Windows 10 21H2 build 10.0.19044.7184 or later, Windows 10 22H2 build 10.0.19045.7184 or later, Windows 11 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 24H2/Server 2025 build 10.0.26100.32690 or later, Windows 11 25H2 build 10.0.26200.8246 or later, Windows 11 26H1 build 10.0.28000.1836 or later, Windows Server 2
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22414
GHSA-9cr5-9f63-xhxx