Skip to main content

Windows Storport Miniport Driver CVE-2026-34350

| EUVDEUVD-2026-29606 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-12 microsoft GHSA-j4rf-m955-wgf3
6.5
CVSS 3.1 · NVD
Temporal: 5.7
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CIRCL (temporal)
5.7 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 18:34 vuln.today
CVE Published
May 12, 2026 - 16:58 nvd
MEDIUM 6.5

DescriptionCVE.org

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

AnalysisAI

Null pointer dereference in Windows Storport Miniport Driver allows remote attackers to trigger denial of service over a network with user interaction. The vulnerability affects Windows Server 2025 and exists in the storage port driver architecture, requiring the attacker to send a specially crafted network request that causes the driver to dereference a null pointer, resulting in service interruption or system instability. No public exploit code or active exploitation has been confirmed.

Technical ContextAI

The Storport Miniport Driver is a critical Windows storage architecture component responsible for managing communication between the storage class driver and hardware-specific miniport drivers. CWE-476 (Null Pointer Dereference) indicates the driver fails to validate pointer initialization or check for null values before dereferencing memory, a common weakness in kernel-mode driver code where improper input validation on network-received data structures can propagate unchecked null references. The vulnerability is exploitable over the network (AV:N), suggesting the affected code path processes unauthenticated network traffic destined for storage-related services or protocols handled by the Storport driver stack.

RemediationAI

Apply the vendor-released security patch from Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34350. The patch addresses the null pointer dereference by adding proper pointer validation in the Storport Miniport Driver code path. For systems unable to patch immediately, restrict network access to services and protocols that interface with the Storport driver using host-based firewall rules or network segmentation, and disable unnecessary storage-related network services if operationally feasible. Monitor system event logs for crashes or unexpected service terminations of storage-related drivers, which may indicate exploitation attempts. Ensure administrative approval is obtained before patching production storage infrastructure, as driver updates require system validation in environments with critical storage dependencies.

Share

CVE-2026-34350 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy