Skip to main content

Microsoft CVE-2026-27926

| EUVDEUVD-2026-22477 HIGH
Race Condition (CWE-362)
2026-04-14 microsoft
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:16 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22477
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Cloud Files Mini Filter Driver (all Windows 10/11 and Server 2019/2022/2025 versions) allows low-privileged authenticated users to gain SYSTEM-level access through a race condition vulnerability. Attack requires high complexity timing manipulation of shared resources in the kernel-mode filter driver. Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the authenticated local attack vector and detailed version-specific fix data suggest moderate real-world deployment risk in multi-user Windows environments.

Technical ContextAI

The Windows Cloud Files Mini Filter Driver is a kernel-mode component managing cloud storage synchronization (OneDrive, SharePoint integration). This CWE-362 race condition occurs when multiple threads access shared resources without proper synchronization primitives (locks, semaphores, atomic operations). The vulnerability exists in versions spanning Windows 10 1809 through Windows 11 26H1 and all Server generations from 2019 to 2025, indicating a long-standing architectural flaw in the filter driver's resource management. Race conditions in kernel drivers are particularly dangerous because successful exploitation executes attacker code at Ring 0 with full system privileges. The AC:H (high attack complexity) rating reflects the precise timing requirements to win the race window, typical of time-of-check-time-of-use (TOCTOU) flaws in concurrent file system operations.

RemediationAI

Apply Microsoft's security updates released through Windows Update or WSUS to upgrade affected systems to patched builds. For Windows 10 1809, update to build 17763.8644 or later. Windows 10 21H2 requires build 19044.7184 or later, while 22H2 needs 19045.7184 or later. Windows 11 22H3 and 23H2 require build 22631.6936 or later. Windows 11 24H2 needs build 26100.32690 or later, 25H2 requires 26200.8246 or later, and 26H1 needs 28000.1836 or later. Server environments should patch Server 2019 to 17763.8644 or later, Server 2022 to 20348.5020 or later (23H2 Server Core to 25398.2274), and Server 2025 to 26100.32690 or later. No workarounds are documented; patching is the only complete mitigation. Organizations unable to immediately patch should prioritize systems with multiple user accounts or remote access exposure. Download patches from Microsoft Update Catalog or reference the security update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27926.

Share

CVE-2026-27926 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy