Skip to main content

Windows Storage CVE-2026-47648

| EUVDEUVD-2026-35515 HIGH
Untrusted Search Path (CWE-426)
2026-06-09 secure@microsoft.com GHSA-x5vh-qfr8-9p58
7.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:53 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.0

DescriptionCVE.org

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Windows Storage allows an authorized low-privilege user to gain higher privileges through an untrusted search path weakness (CWE-426). The flaw requires existing local access and a successful race or environmental manipulation, reflected in the high attack complexity. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Technical ContextAI

The vulnerability is rooted in CWE-426 (Untrusted Search Path), a class of flaws where a process loads a resource - typically a DLL or executable - from a directory whose contents an attacker can influence, rather than from a trusted, fully qualified path. In the Windows Storage component this most commonly manifests as a service or helper binary searching the current working directory, a user-writable PATH entry, or a side-by-side assembly directory before the system directories, enabling DLL planting/hijacking. Because Windows Storage components frequently run with elevated rights (SYSTEM or service-level tokens), loading attacker-controlled code into such a process yields privilege elevation.

RemediationAI

Apply the Microsoft security update for CVE-2026-47648 as detailed at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648; exact patched build numbers are not provided in the input data and must be confirmed from the MSRC update guide for each affected Windows SKU. Patch available per vendor advisory. Until patches are deployed, compensating controls include restricting local interactive logon to trusted users via Group Policy (User Rights Assignment) to shrink the pool of 'authorized attackers' the CVSS vector references, removing user-writable directories from the system PATH, and enabling AppLocker or WDAC rules that block unsigned DLL loads from user-writable paths - note these controls can break legitimate applications that rely on PATH lookup or unsigned helper DLLs and require staged rollout with monitoring.

Share

CVE-2026-47648 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy