Skip to main content

Microsoft CVE-2026-32219

| EUVDEUVD-2026-22605 HIGH
Double Free (CWE-415)
2026-04-14 microsoft GHSA-jrwx-4hj3-h58w
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Apr 20, 2026 - 14:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:22 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22605
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

AnalysisAI

Double free vulnerability in Microsoft Brokering File System enables local privilege escalation on Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025. Low-privileged authenticated users can exploit memory corruption (CWE-415) to gain SYSTEM-level access with high attack complexity. Microsoft has released patches addressing builds prior to 10.0.26100.32690 (24H2/Server 2025), 10.0.26200.8246 (25H2), and 10.0.28000.1836 (26H1). EPSS score of 0.04% (11th percentile) and SSVC assessment of no active exploitation suggest low immediate threat despite 7.0 CVSS score, though CISA classifies technical impact as total (complete system compromise).

Technical ContextAI

The vulnerability stems from a double free condition (CWE-415) in the Microsoft Brokering File System component, a Windows subsystem that manages file operations and resource brokering between applications and the operating system. Double free vulnerabilities occur when memory is deallocated multiple times, corrupting heap metadata and potentially allowing attackers to manipulate memory allocation patterns. This class of memory corruption bug can lead to arbitrary code execution when successfully exploited. The affected component is present only in modern Windows builds: Windows 11 24H2 (builds below 10.0.26100.32690), Windows 11 25H2 (builds below 10.0.26200.8246), Windows 11 26H1 (builds below 10.0.28000.1836), and Windows Server 2025 including Server Core installations (builds below 10.0.26100.32690). The vulnerability requires local access with low-level privileges (PR:L), suggesting it affects standard user accounts rather than requiring administrative access initially.

RemediationAI

Apply Microsoft security updates immediately to patch the double free vulnerability. Update Windows 11 24H2 systems to build 10.0.26100.32690 or later, Windows 11 25H2 systems to build 10.0.26200.8246 or later, Windows 11 26H1 systems to build 10.0.28000.1836 or later, and Windows Server 2025 (including Server Core) to build 10.0.26100.32690 or later via Windows Update or Microsoft Update Catalog. For environments unable to immediately patch, implement compensating controls: restrict local logon rights to only trusted users via Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow log on locally), enable and monitor Windows Defender Exploit Guard for heap corruption attempts, implement application control policies using AppLocker or Windows Defender Application Control to prevent unauthorized code execution, and deploy enhanced monitoring for unusual privilege escalation patterns via Event IDs 4672 (special privileges assigned) and 4688 (process creation with elevated tokens). These mitigations significantly increase attack complexity but may impact legitimate applications requiring local user access or dynamic code execution. Compensating controls do not eliminate risk and should be considered temporary measures until patching is completed. Reference Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32219 for detailed patch deployment guidance.

Share

CVE-2026-32219 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy