Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
AnalysisAI
Stack-based buffer overflow in the Windows Kernel enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 11 version 26H1 (build 10.0.28000.0 through 10.0.28000.1835). Despite CVSS 7.0 (High), the attack complexity is high (AC:H) and requires local access with low-level privileges (PR:L). Vendor-released patch available via Microsoft Security Response Center (build 10.0.28000.1836). No public exploit identified at time of analysis, though CWE-121 stack overflows are well-understood vulnerability classes with established exploitation techniques.
Technical ContextAI
This vulnerability exploits a classic stack-based buffer overflow (CWE-121) within the Windows Kernel, the core component managing system resources, process scheduling, and hardware abstraction. Stack overflows occur when unchecked data writes exceed allocated buffer boundaries on the call stack, overwriting adjacent memory including return addresses and frame pointers. In kernel-mode contexts, successful exploitation allows arbitrary code execution at ring 0 (highest privilege level), bypassing all user-mode security boundaries. The affected product per CPE is Windows 11 version 26H1 builds 10.0.28000.0 through 10.0.28000.1835. The high attack complexity (AC:H) suggests exploitation requires precise memory layout knowledge, timing conditions, or successful bypass of exploit mitigations like KASLR, DEP, or Control Flow Guard that are standard in modern Windows kernels.
RemediationAI
Apply the vendor-released security update immediately by upgrading Windows 11 version 26H1 to build 10.0.28000.1836 or later, which contains the kernel-level fix for the stack buffer overflow. Deployment can be performed through Windows Update, Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or manual installation via the Microsoft Update Catalog. Organizations should prioritize systems with local user access by untrusted or semi-trusted accounts, terminal servers, kiosks, and shared workstations. Consult the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195 for detailed patch deployment guidance, known issues, and restart requirements. No effective workarounds exist for kernel-level buffer overflows; patching is the only complete mitigation. As interim risk reduction, enforce strict least-privilege policies, disable unnecessary local accounts, monitor for suspicious privilege escalation behaviors via Event ID 4672 (special privileges assigned), and implement application control policies to restrict unsigned kernel driver loading.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22575