Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in the Windows Kernel via double free vulnerability enables low-privileged authenticated users to gain SYSTEM-level access across Windows 11 (versions 22H3 through 26H1) and Windows Server 2022/2025. The vulnerability requires local access and low privileges (PR:L) but presents low attack complexity (AC:L) with no user interaction required. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the straightforward attack complexity and severe impact make this a priority for patching in enterprise environments.
Technical ContextAI
CWE-415 double free vulnerabilities occur when memory is deallocated twice, creating use-after-free conditions that allow attackers to manipulate kernel memory structures. In the Windows Kernel context, this flaw enables corruption of critical memory management structures. The vulnerability affects core Windows kernel components across multiple Windows 11 releases (22H3, 23H2, 24H2, 25H2, 26H1) and Windows Server platforms (2022 23H2 Edition and 2025 in both standard and Server Core installations). Double free conditions in kernel-mode code are particularly dangerous because successful exploitation grants attackers the ability to execute arbitrary code at the highest privilege level (SYSTEM/ring 0), bypassing all user-mode security boundaries and enabling complete system compromise.
RemediationAI
Apply Microsoft security updates immediately to patch the kernel double free vulnerability. For Windows 11 version 22H3 and 23H2, upgrade to build 10.0.22631.6936 or later. For Windows 11 version 24H2, upgrade to build 10.0.26100.32690 or later. For Windows 11 version 25H2, upgrade to build 10.0.26200.8246 or later. For Windows 11 version 26H1, upgrade to build 10.0.28000.1836 or later. For Windows Server 2022 23H2 Edition (including Server Core), upgrade to build 10.0.25398.2274 or later. For Windows Server 2025 (both standard and Server Core installations), upgrade to build 10.0.26100.32690 or later. Patches are available through Windows Update, Microsoft Update Catalog, and enterprise deployment tools like WSUS or Configuration Manager. Consult the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26179 for detailed deployment guidance and any additional mitigations. No effective workaround exists; patching is the only complete remediation.
Same weakness CWE-415 – Double Free
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22420