Skip to main content

Microsoft CVE-2026-32079

| EUVDEUVD-2026-22511 MEDIUM
Information Exposure (CWE-200)
2026-04-14 microsoft GHSA-4p6q-866h-54p2
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:42 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22511
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
MEDIUM 5.5

DescriptionCVE.org

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

AnalysisAI

Windows File Explorer information disclosure vulnerability in Windows 10 and Windows 11 allows authenticated local attackers to read sensitive files through a flaw in access control validation. CVSS 5.5 indicates moderate risk with confidentiality impact but no integrity or availability compromise. Patch available from Microsoft; no public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

The vulnerability exists in Windows File Explorer's file access handling mechanism, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). This suggests a breakdown in access control logic where the application fails to properly validate user permissions before exposing file contents to authenticated local users. The attack vector is local (AV:L) with low complexity (AC:L), indicating the flaw does not require exploitation of secondary vulnerabilities or user interaction beyond standard file browsing operations. The vulnerability affects multiple versions of Windows 10 (1607, 1809, 21H2, 22H2), Windows 11 (22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server releases (2016, 2019, 2022, 2025), spanning both standard and Server Core installations across numerous build versions.

RemediationAI

Apply the vendor-released patch from Microsoft immediately via Windows Update or the Microsoft Security Response Center. Refer to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32079 for exact patched build versions for each Windows edition and version. For Windows 10 1607, update to build 14393.9060 or later; for Windows 10 1809, update to build 17763.8644 or later; for Windows 10 21H2, update to build 19044.7184 or later; for Windows 10 22H2, update to build 19045.7184 or later; for Windows 11 22H3/23H2, update to build 22631.6936 or later; for Windows 11 24H2, update to build 26100.32690 or later; for Windows 11 25H2, update to build 26200.8246 or later; for Windows 11 26H1, update to build 28000.1836 or later; and for Windows Server editions, apply corresponding updates as detailed in the advisory. No confirmed workaround for the underlying issue is documented; patching is the primary remediation path.

Share

CVE-2026-32079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy