Skip to main content

Microsoft CVE-2026-32218

| EUVDEUVD-2026-22603 MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2026-04-14 microsoft GHSA-4xm9-mm3c-5883
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:41 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22603
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
MEDIUM 5.5

DescriptionCVE.org

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

AnalysisAI

Windows Kernel logs sensitive information that authenticated local users can read, enabling information disclosure on Windows 10 (versions 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), Windows Server 2022, and Windows Server 2025. An attacker with local user privileges can access kernel log files to retrieve confidential data such as credentials, cryptographic material, or system secrets. Microsoft has released patches addressing this log injection vulnerability; no public exploit code or active exploitation has been confirmed.

Technical ContextAI

The vulnerability (CWE-532: Insertion of Sensitive Information Into Log File) exists in the Windows Kernel logging subsystem, where sensitive data is written to accessible log files without proper sanitization or encryption. The Windows Kernel uses event logging and diagnostic logging mechanisms that may contain unencrypted or plaintext credentials, API keys, or other confidential information. An authenticated local user with standard privileges can read these kernel logs through standard Windows log-viewing utilities or by directly accessing log file storage locations. This is not a memory corruption or elevation-of-privilege flaw, but a data-handling weakness in how the Kernel manages logging output.

RemediationAI

Microsoft has released security updates addressing this vulnerability. Apply the vendor patch immediately via Windows Update or manual download from the Microsoft Security Response Center (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32218). For Windows 10 21H2, update to build 10.0.19044.7184 or later; for Windows 10 22H2, update to build 10.0.19045.7184 or later. Windows 11 22H3 and 23H2 require build 10.0.22631.6936 or later; Windows 11 24H2 requires build 10.0.26100.32690 or later; Windows 11 25H2 requires build 10.0.26200.8246 or later; Windows 11 26H1 requires build 10.0.28000.1836 or later. Windows Server 2022 requires build 10.0.20348.5020 or later; Windows Server 2022 23H2 Server Core requires build 10.0.25398.2274 or later; Windows Server 2025 and 2025 Server Core require build 10.0.26100.32690 or later. As an interim mitigation, restrict local user access to kernel log files and enable auditing of log file access on systems handling sensitive data.

Share

CVE-2026-32218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy