Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
AnalysisAI
Windows File Explorer information disclosure vulnerability in Windows 10 and Windows 11 allows authenticated local attackers to read sensitive files through a flaw in access control validation. CVSS 5.5 indicates moderate risk with confidentiality impact but no integrity or availability compromise. Patch available from Microsoft; no public exploit code or active exploitation confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in Windows File Explorer's file access handling mechanism, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). This suggests a breakdown in access control logic where the application fails to properly validate user permissions before exposing file contents to authenticated local users. The attack vector is local (AV:L) with low complexity (AC:L), indicating the flaw does not require exploitation of secondary vulnerabilities or user interaction beyond standard file browsing operations. The vulnerability affects multiple versions of Windows 10 (1607, 1809, 21H2, 22H2), Windows 11 (22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server releases (2016, 2019, 2022, 2025), spanning both standard and Server Core installations across numerous build versions.
RemediationAI
Apply the vendor-released patch from Microsoft immediately via Windows Update or the Microsoft Security Response Center. Refer to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32079 for exact patched build versions for each Windows edition and version. For Windows 10 1607, update to build 14393.9060 or later; for Windows 10 1809, update to build 17763.8644 or later; for Windows 10 21H2, update to build 19044.7184 or later; for Windows 10 22H2, update to build 19045.7184 or later; for Windows 11 22H3/23H2, update to build 22631.6936 or later; for Windows 11 24H2, update to build 26100.32690 or later; for Windows 11 25H2, update to build 26200.8246 or later; for Windows 11 26H1, update to build 28000.1836 or later; and for Windows Server editions, apply corresponding updates as detailed in the advisory. No confirmed workaround for the underlying issue is documented; patching is the primary remediation path.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22511
GHSA-4p6q-866h-54p2