Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows Print Spooler Components affects Windows 10, Windows 11, and Windows Server 2012 through race condition exploitation. Authenticated low-privileged attackers can elevate to SYSTEM privileges via concurrent resource access attacks, though attack complexity is rated high (AC:H). Vendor-released patch available from Microsoft Security Response Center. No active exploitation confirmed in CISA KEV at time of analysis, but Print Spooler remains a historically attractive target with established attack patterns (PrintNightmare, SpoolFool precedents).
Technical ContextAI
This vulnerability stems from CWE-362 (race condition) in the Windows Print Spooler service architecture, where multiple threads or processes access shared resources without proper synchronization primitives (mutexes, semaphores, or atomic operations). The Print Spooler service runs with SYSTEM privileges and manages printer queues, driver loading, and file operations. Race conditions in this service typically involve time-of-check-time-of-use (TOCTOU) flaws where an attacker can modify a resource between validation and use, or exploit file system race windows during spool file processing. The CPE data indicates widespread exposure across Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012, representing both client and server operating systems spanning nearly a decade of Windows releases.
RemediationAI
Apply Microsoft security updates immediately from the official update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34342, where patches for all affected Windows versions are available. Use Windows Update, WSUS, or Microsoft Endpoint Configuration Manager to deploy patches across enterprise environments. As compensating control where patching is delayed, consider disabling the Print Spooler service on systems that do not require printing functionality via 'Stop-Service Spooler; Set-Service Spooler -StartupType Disabled' in PowerShell, though this breaks all printing capabilities. Alternatively, restrict Print Spooler to administrators only by modifying service permissions, but this may interfere with legitimate user printing workflows and requires testing in production environments. Monitor Spooler service activity via Sysmon Event ID 7 (ImageLoad) and Windows Event 307 (PrintService) for unusual driver loads or spool file manipulations.
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29601
GHSA-j7wf-wpq3-wph2