What is the CVSS score of CVE-2026-26179?

CVE-2026-26179 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Microsoft are affected by CVE-2026-26179?

CVE-2026-26179 is a high-severity local privilege escalation in Windows Kernel affecting Windows 11 (22H3-26H1) and Windows Server 2022/2025, allowing authenticated users with low privileges to gain…. A patch is available.

Microsoft CVE-2026-26179

EUVD-2026-22420 HIGH

Double Free (CWE-415)

2026-04-14 microsoft

Information Disclosure Microsoft

7.8

CVSS 3.1

Temporal: 6.8

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 19:14 vuln.today

EUVD ID Assigned

Apr 14, 2026 - 17:46 euvd

EUVD-2026-22420

Analysis Generated

Apr 14, 2026 - 17:46 vuln.today

Patch released

Apr 14, 2026 - 17:46 nvd

Patch available

CVE Published

Apr 14, 2026 - 16:57 nvd

HIGH 7.8

DescriptionNVD

Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows Kernel via double free vulnerability enables low-privileged authenticated users to gain SYSTEM-level access across Windows 11 (versions 22H3 through 26H1) and Windows Server 2022/2025. The vulnerability requires local access and low privileges (PR:L) but presents low attack complexity (AC:L) with no user interaction required. …

RemediationAI

Within 24 hours: Identify all Windows 11 and Windows Server 2022/2025 systems in your environment and confirm current patch levels. Within 7 days: Deploy vendor-released patches to all affected systems beginning with critical infrastructure and servers handling sensitive data; prioritize Windows Server systems in production environments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-9928 HIGH This Week

8.8 May 28

Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE

CVE-2026-9945 HIGH This Week

8.8 May 28

Remote code execution in Google Chrome on Windows prior to version 148.0.7778.216 allows attackers to execute arbitrary

CVE-2026-46414 HIGH This Week

8.8 May 27

Authenticated role spoofing in Microsoft UFO's WebSocket control plane (version 3.0.1-4-ge2626659) lets any client holdi

CVE-2026-42305 HIGH This Week

8.8 May 28

Arbitrary file write leading to remote code execution in Dulwich (pure-Python Git implementation) versions >= 0.10.0 and

CVE-2026-26179 vulnerability details – vuln.today

Back

Microsoft CVE-2026-26179

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code