Skip to main content

Windows NT Kernel CVE-2026-42916

| EUVDEUVD-2026-35600 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-06-09 secure@microsoft.com GHSA-5c99-j5fv-r62h
7.8
CVSS 3.1 · Vendor: microsoft
Temporal: 6.8
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:38 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionCVE.org

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.

Technical ContextAI

The vulnerability resides in the core Windows NT OS Kernel, the privileged ring-0 component underpinning all supported Windows client and server SKUs. The root cause is CWE-190 (Integer Overflow or Wraparound) - specifically an integer underflow where an arithmetic operation produces a value below the representable minimum, wrapping around to a large unsigned value. In kernel code paths, such wraparound typically corrupts size calculations used in buffer allocation, length validation, or pointer arithmetic, enabling subsequent out-of-bounds writes or undersized buffer allocations that an attacker can leverage for memory corruption and ultimately arbitrary kernel-mode code execution.

RemediationAI

Apply the Microsoft-released patch as published in the MSRC update guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42916) by deploying the relevant cumulative update for each affected Windows client and server build through Windows Update, WSUS, or your standard patch management pipeline; exact KB identifiers are listed per-SKU in the MSRC entry. Because the vulnerability lives in the OS kernel itself, there is no feature toggle or configuration workaround - kernel patching is the only durable fix. As compensating controls until patching completes, restrict interactive and Remote Desktop logon rights on sensitive hosts to trusted administrators (reducing the pool of accounts that can satisfy the PR:L precondition, at the cost of reduced operational flexibility), enforce application allowlisting (e.g., WDAC or AppLocker) to limit unsigned binaries that would stage the exploit (cost: tuning effort and potential breakage of line-of-business apps), and prioritize endpoint detection coverage for anomalous token manipulation and kernel-mode driver loads. Refer to the vuldb tracking entry at https://vuldb.com/vuln/369616 for additional cross-referenced metadata.

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-21293 HIGH POC
8.8 Jan 14

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users

CVE-2025-30397 HIGH POC
7.5 May 13

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the

CVE-2025-32706 HIGH POC
7.8 May 13

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne

CVE-2025-21418 HIGH
7.8 Feb 11

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation

CVE-2026-21510 HIGH POC
8.8 Feb 10

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta

CVE-2025-47827 MEDIUM POC
4.6 Jun 05

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph

CVE-2026-21519 HIGH
7.8 Feb 10

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables

CVE-2025-32701 HIGH
7.8 May 13

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se

CVE-2025-21391 HIGH
7.1 Feb 11

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack

CVE-2025-32709 HIGH
7.8 May 13

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a nu

Share

CVE-2026-42916 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy