Skip to main content

Windows TCP/IP CVE-2026-42904

| EUVD-2026-35593 CRITICAL
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-3f78-xrf3-9xc8
Heap Overflow Microsoft Buffer Overflow
9.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.6 CRITICAL
AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ENISA EUVD
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:40 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
CRITICAL 9.6

DescriptionNVD

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

AnalysisAI

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent network foothold (Wi-Fi/VLAN/VPN)
Delivery
Craft malformed TCP/IP packet
Exploit
Send to vulnerable Windows host
Execution
Trigger heap overflow in tcpip.sys
Persist
Corrupt kernel pool memory
Impact
Execute code at SYSTEM/kernel privilege
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Attacker must have Layer-2/adjacent-network reachability to the target - same broadcast domain, same Wi-Fi SSID, same VPN subnet, or same cloud virtual network segment - because the CVSS vector specifies AV:A (Adjacent) rather than AV:N (Network). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 9.6 score is high but several factors moderate real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker connected to the same Wi-Fi, VLAN, or VPN subnet as the target - for example a guest in a corporate office, a co-tenant in a cloud VNet, or a malicious device on a hotel network - crafts and transmits malformed TCP/IP packets to a vulnerable Windows host. The packets trigger the heap overflow in tcpip.sys, corrupting kernel pool memory and ultimately yielding SYSTEM-level code execution without any user interaction or prior authentication. …
Remediation Patch available per vendor advisory - apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42904 via Windows Update, WSUS, or your enterprise patching pipeline; the exact KB article and patched build numbers are listed on the MSRC page. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify and catalog all Windows systems and determine which are on networks exposed to untrusted adjacent systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-42904 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy