Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Kinect allows an authenticated low-privileged user to elevate to higher privileges due to improper access control (CWE-284). The vulnerability carries a CVSS 7.8 (High) rating with local attack vector and low complexity, and no public exploit identified at time of analysis. Successful exploitation yields high impact to confidentiality, integrity, and availability on the affected host.
Technical ContextAI
The flaw resides in Microsoft Kinect, the sensor platform and associated runtime/driver components used for motion sensing, depth imaging, and skeletal tracking on Windows hosts. The root cause is classified as CWE-284 (Improper Access Control), meaning that one or more privileged operations, files, IPC endpoints, device interfaces, or service entry points exposed by the Kinect stack do not adequately validate the caller's identity or permissions. Because Kinect components typically include user-mode services and kernel-adjacent device drivers running at SYSTEM, a missing or insufficient ACL/permission check on such an interface lets a lower-privileged process invoke functionality intended only for administrators or SYSTEM. No CPE data was provided to pin down the exact affected SKU (Kinect for Windows runtime/SDK versus an Xbox-linked component).
RemediationAI
Patch available per vendor advisory - apply the Microsoft security update referenced on the MSRC page at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41092 as soon as it is published or, if already released, deploy it via Windows Update or WSUS to all systems with Kinect runtime, drivers, or SDK components installed. Where patching must be delayed, reduce exposure by uninstalling the Kinect runtime and SDK from systems that do not require it, restricting interactive and remote-interactive logon rights on hosts where the components remain (since exploitation requires local authenticated access), and tightening ACLs on Kinect-related service binaries, named pipes, and device interfaces while monitoring for unexpected child processes of Kinect services - note that removing the runtime will break Kinect-dependent applications and that ACL hardening may destabilize legitimate Kinect functionality, so test before broad rollout.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35503
GHSA-qqh6-q4cq-fv8r