Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in the Windows Function Discovery Service (fdwsd.dll) allows an authorized low-privileged attacker on the host to win a race condition and obtain elevated privileges. Reported by Microsoft (secure@microsoft.com) and tracked under MSRC's update guide, the issue carries a CVSS 7.0 score driven by high impact across confidentiality, integrity, and availability, though the high attack complexity reflects the timing window required. No public exploit identified at time of analysis and the flaw is not currently listed in CISA KEV.
Technical ContextAI
Function Discovery (FD) is a Windows subsystem that abstracts the enumeration of devices and services (e.g., PnP-X, WSD, UPnP, SSDP) for applications such as Network Discovery, the device association framework, and Devices and Printers. fdwsd.dll specifically implements the Web Services on Devices (WSD) provider that handles discovery of networked peripherals like printers and scanners. The underlying weakness is CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization, a.k.a. race condition), meaning two or more threads in the FD service access a shared object - likely a discovery handle, device list entry, or callback structure - without proper locking, creating a Time-of-Check to Time-of-Use (TOCTOU) or use-after-free style window that the attacker can leverage to corrupt state and gain code execution at the privilege level of the host service (typically LocalService/SYSTEM). No CPE strings were provided in the input, but the MSRC advisory is the authoritative product/version source.
RemediationAI
Apply the Microsoft security update referenced in the MSRC update guide entry at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42836 for each affected Windows SKU and build; patch available per vendor advisory, but no exact fix KB or build number was included in the input data, so consult the advisory for the matching KB. As a temporary compensating control where patching must wait, disable Network Discovery on affected hosts (Control Panel → Network and Sharing Center → Advanced sharing settings → Turn off network discovery) or stop and disable the Function Discovery Provider Host (fdPHost) and Function Discovery Resource Publication (FDResPub) services - be aware this breaks discovery of WSD printers/scanners, UPnP devices, and Devices and Printers enumeration. On shared multi-user systems, tighten interactive logon rights so untrusted users cannot run code locally, since exploitation requires PR:L (an authenticated local user).
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35590
GHSA-cpvv-8639-q52m