Skip to main content

Microsoft CVE-2026-32083

| EUVDEUVD-2026-22515 HIGH
Race Condition (CWE-362)
2026-04-14 microsoft GHSA-7phv-9jp9-84fq
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:18 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22515
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows SSDP Service (all Windows 10, 11, and Server versions from 2012 onwards) enables low-privileged authenticated users to gain SYSTEM-level access by exploiting a race condition in shared resource handling. The vulnerability requires low privileges and high attack complexity (CVSS AC:H), resulting in complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions with specific build numbers pr

Technical ContextAI

The Windows SSDP Service (Simple Service Discovery Protocol) implements UPnP device discovery and network service enumeration. This vulnerability stems from CWE-362 (race condition), where concurrent threads access shared resources without proper synchronization primitives. The SSDP service runs with elevated privileges to manage network discovery, making it an attractive target for local privilege escalation. Race conditions occur when time-of-check-to-time-of-use (TOCTTOU) gaps allow attackers to manipulate shared objects between verification and execution. The vulnerability affects the entire Windows ecosystem: CPE data identifies Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server (2012, 2012 R2, 2016, 2019, 2022, 2025) including Server Core installations. EUVD version strings specify exact vulnerable build ranges, with fixes requiring builds 10.0.26100.32690+ for Server 2025/Windows 11 24H2, 10.0.22631.6936+ for Windows 11 22H3/23H2, and corresponding patched builds for older versions.

RemediationAI

Microsoft has released security updates for all affected Windows versions through standard update channels. Organizations should immediately apply the following patched builds: Windows 10 Version 1607 and Server 2016 to build 10.0.14393.9060 or higher, Windows 10 Version 1809 and Server 2019 to build 10.0.17763.8644 or higher, Windows 10 Version 21H2 to build 10.0.19044.7184 or higher, Windows 10 Version 22H2 to build 10.0.19045.7184 or higher, Windows 11 Version 22H3 and 23H2 to build 10.0.22631.6936 or higher, Windows 11 Version 24H2 and Server 2025 to build 10.0.26100.32690 or higher, Windows 11 Version 25H2 to build 10.0.26200.8246 or higher, Windows 11 Version 26H1 to build 10.0.28000.1836 or higher, Windows Server 2012 to build 6.2.9200.26026 or higher, Windows Server 2012 R2 to build 6.3.9600.23132 or higher, Windows Server 2022 to build 10.0.20348.5020 or higher, and Windows Server 2022 23H2 Edition to build 10.0.25398.2274 or higher. Deploy patches via Windows Update, WSUS, Configuration Manager, or manual download from the Microsoft Update Catalog. No workarounds are documented

Share

CVE-2026-32083 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy