Is WinFsp affected by CVE-2026-3006?

CVE-2026-3006 is a local privilege escalation vulnerability in WinFsp that allows authenticated low-privilege users to gain SYSTEM-level access through kernel memory corruption.

WinFsp CVE-2026-3006

EUVD-2026-25755 HIGH

Race Condition (CWE-362)

2026-04-27 CSA

Buffer Overflow Race Condition Redhat

7.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 14:22 vuln.today

cvss_changed

Analysis Generated

Apr 27, 2026 - 03:31 vuln.today

DescriptionNVD

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.

AnalysisAI

A race condition in WinFsp enables local privilege escalation to SYSTEM through kernel heap overflow. Authenticated local attackers with low privileges can exploit this timing vulnerability to corrupt kernel memory and execute code at the highest privilege level. …

RemediationAI

Within 24 hours: Identify all systems running WinFsp and isolate development/test environments from production networks. Within 7 days: Apply vendor patch WinFsp v2.2B1 or later to all affected systems, prioritizing those with multiple local users. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-6920 CRITICAL Act Now

9.6 Apr 23

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromi

CVE-2026-6919 CRITICAL Act Now

9.6 Apr 23

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the re

CVE-2026-41246 HIGH This Week

8.1 Apr 23

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Cont

CVE-2026-41205 HIGH This Week

7.7 Apr 23

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path trave

CVE-2026-41324 HIGH This Week

7.5 Apr 24

Denial of service in basic-ftp for Node.js allows remote malicious FTP servers to crash client applications via unbounde

Vendor StatusVendor

CVE-2026-3006 vulnerability details – vuln.today

Back

WinFsp CVE-2026-3006

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code