Skip to main content

Microsoft CVE-2026-32195

| EUVDEUVD-2026-22575 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-14 microsoft
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:22 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22575
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Stack-based buffer overflow in the Windows Kernel enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 11 version 26H1 (build 10.0.28000.0 through 10.0.28000.1835). Despite CVSS 7.0 (High), the attack complexity is high (AC:H) and requires local access with low-level privileges (PR:L). Vendor-released patch available via Microsoft Security Response Center (build 10.0.28000.1836). No public exploit identified at time of analysis, though CWE-121 stack overflows are well-understood vulnerability classes with established exploitation techniques.

Technical ContextAI

This vulnerability exploits a classic stack-based buffer overflow (CWE-121) within the Windows Kernel, the core component managing system resources, process scheduling, and hardware abstraction. Stack overflows occur when unchecked data writes exceed allocated buffer boundaries on the call stack, overwriting adjacent memory including return addresses and frame pointers. In kernel-mode contexts, successful exploitation allows arbitrary code execution at ring 0 (highest privilege level), bypassing all user-mode security boundaries. The affected product per CPE is Windows 11 version 26H1 builds 10.0.28000.0 through 10.0.28000.1835. The high attack complexity (AC:H) suggests exploitation requires precise memory layout knowledge, timing conditions, or successful bypass of exploit mitigations like KASLR, DEP, or Control Flow Guard that are standard in modern Windows kernels.

RemediationAI

Apply the vendor-released security update immediately by upgrading Windows 11 version 26H1 to build 10.0.28000.1836 or later, which contains the kernel-level fix for the stack buffer overflow. Deployment can be performed through Windows Update, Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or manual installation via the Microsoft Update Catalog. Organizations should prioritize systems with local user access by untrusted or semi-trusted accounts, terminal servers, kiosks, and shared workstations. Consult the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195 for detailed patch deployment guidance, known issues, and restart requirements. No effective workarounds exist for kernel-level buffer overflows; patching is the only complete mitigation. As interim risk reduction, enforce strict least-privilege policies, disable unnecessary local accounts, monitor for suspicious privilege escalation behaviors via Event ID 4672 (special privileges assigned), and implement application control policies to restrict unsigned kernel driver loading.

Share

CVE-2026-32195 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy