Skip to main content

Windows Cryptographic Services CVE-2026-44810

| EUVDEUVD-2026-35744 HIGH
Improper Authentication (CWE-287)
2026-06-09 secure@microsoft.com GHSA-6478-xjph-5qqp
7.8
CVSS 3.1 · NVD
Temporal: 7.3
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.3 HIGH
cvss
vuln.today AI
7.8 HIGH

Local elevation requiring an authenticated low-privileged user (AV:L, PR:L), no user interaction, low complexity, yielding SYSTEM-level full C/I/A impact within the same scope.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jun 11, 2026 - 17:44 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 11, 2026 - 17:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 11, 2026 - 17:37 vuln.today
cvss_changed
CVSS changed
Jun 11, 2026 - 17:37 NVD
8.4 (HIGH) 7.8 (HIGH)
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:34 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.4

DescriptionNVD

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Cryptographic Services on Windows 11 (23H2 through 26H1) and Windows Server 2022/2025 allows a low-privileged authenticated user to elevate to higher privileges through an improper authentication flaw (CWE-287). Microsoft has released patches via MSRC, and while no public exploit identified at time of analysis, CISA SSVC rates the technical impact as total, meaning successful exploitation yields full system compromise. EPSS probability is very low (0.06%), reflecting the local attack vector and absence of known exploitation activity.

Technical ContextAI

Windows Cryptographic Services (CryptSvc) is a core Windows service responsible for certificate validation, key management, and cryptographic primitives consumed by signing verification, TLS, EFS, and many authentication subsystems. CWE-287 (Improper Authentication) indicates that the service fails to correctly verify the identity or trust attributes of a caller or credential, enabling a local actor to assert a privileged identity it should not possess. Because CryptSvc runs in a NetworkService/SYSTEM context and is widely trusted by Windows components, an authentication bypass inside it typically translates directly into elevation to SYSTEM. The CPE data confirms the flaw spans Windows 11 23H2/24H2/25H2/26H1 (x64 and ARM64) and Windows Server 2022 and 2025, including Server Core.

RemediationAI

Vendor-released patch: apply the cumulative Windows updates that raise affected systems to at least build 10.0.22631.7219 (Windows 11 23H2), 10.0.26100.8655 (Windows 11 24H2), 10.0.26200.8655 (Windows 11 25H2), 10.0.28000.2269 (Windows 11 26H1), 10.0.20348.5256 (Windows Server 2022), or 10.0.26100.32995 (Windows Server 2025 / Server Core), as listed in https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44810. There is no documented configuration workaround for CryptSvc itself, so until patching is complete, compensating controls should focus on limiting who can run code locally: restrict interactive and RDP logon rights on shared/jump hosts to vetted administrators (trade-off: blocks legitimate multi-user workloads), enforce application allowlisting via WDAC or AppLocker on terminal/Citrix servers to block arbitrary attacker binaries (trade-off: requires policy tuning), and prioritize EDR detections for unusual local elevation behavior on the listed builds.

Share

CVE-2026-44810 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy