Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
AnalysisAI
Null pointer dereference in Windows Redirected Drive Buffering denies service to local authenticated users on Windows 11 version 26H1 (build 10.0.28000.0-10.0.28000.1835). An authorized attacker with local access can trigger the vulnerability to crash the affected system component, though code execution is not possible. Vendor-released patch available; no public exploit code identified at time of analysis.
Technical ContextAI
Windows Redirected Drive Buffering is a kernel or system-level driver component that manages buffered I/O operations for redirected storage devices (commonly used in Remote Desktop, virtualization, and terminal server scenarios). The vulnerability stems from improper null pointer validation (CWE-476), where the code dereferences a pointer without first checking whether it is null. When a specially crafted local I/O request reaches the buffering subsystem, the unchecked dereference triggers a kernel exception or driver crash, resulting in denial of service. The affected CPE identifies Windows 11 version 26H1 specifically, suggesting the flaw was introduced or exposed in a recent version branch. The null pointer dereference pattern is a classic memory safety weakness that typically requires the attacker to control specific input conditions or state.
RemediationAI
Install the vendor-released patch for Windows 11 version 26H1, which updates the Redirected Drive Buffering component to build 10.0.28000.1836 or later. Patch availability is confirmed via the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32216. No permanent workaround short of patching exists; however, organizations may temporarily mitigate risk by restricting local user account creation and enforcing principle-of-least-privilege access policies. Ensure automatic Windows Update is enabled or manually deploy the patch through Windows Update, WSUS, or direct download from MSRC. Verify installation by checking the build version post-patch to confirm it is 10.0.28000.1836 or higher.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22599
GHSA-cw5m-47qq-278v