Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
AnalysisAI
Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must already have authenticated local code execution as a low-privileged user on the target Windows host (CVSS PR:L, AV:L), and must be able to cause the UDFS driver to parse attacker-controlled UDF file-system metadata - typically by mounting a crafted ISO, optical disc, or virtual disk volume. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:L/AC:L/PR:L/UI:N) describes a local, low-complexity attack requiring only an authenticated user, with no user interaction, yielding full CIA impact - consistent with a local-to-SYSTEM elevation of privilege primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A standard domain user on a patched-but-vulnerable Windows endpoint mounts a maliciously crafted UDF-formatted ISO image (delivered via download, USB, or attached storage), triggering the truncation flaw inside UDFS.sys during volume parsing and corrupting kernel memory. The attacker leverages the corruption to elevate from a low-privileged user to SYSTEM, then disables endpoint protections and stages follow-on tooling. … |
| Remediation | Apply the Microsoft security update referenced in MSRC advisory CVE-2026-40409 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40409 as the primary remediation; the exact fix KB and build numbers must be obtained from that advisory because they were not provided in this intelligence package, so cite 'Patch available per vendor advisory' until the specific KB is confirmed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Windows systems with UDFS in use and audit local user account access-prioritize servers and sensitive workstations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-197 – Numeric Truncation Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35655
GHSA-gh84-vhg8-4mc3