Skip to main content

Windows Kernel CVE-2026-48583

| EUVDEUVD-2026-35527 HIGH
Use After Free (CWE-416)
2026-06-09 secure@microsoft.com GHSA-87hw-q346-25ww
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 17:45 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free condition (CWE-416). The flaw carries a CVSS 7.8 score with local attack vector and low privileges required, and no public exploit has been identified at time of analysis. Microsoft Security Response Center (MSRC) is the sole referenced authoritative source, indicating this is a vendor-discovered and vendor-tracked issue.

Technical ContextAI

The vulnerability resides in the Windows Kernel - the privileged core of the NT operating system responsible for memory management, process scheduling, and hardware abstraction. CWE-416 (Use After Free) describes a memory-safety defect where code references heap memory after it has been deallocated; in a kernel context, attackers can reclaim the freed object with attacker-controlled data, manipulate dangling pointers, and corrupt kernel structures to gain arbitrary kernel-mode read/write or execution primitives. The tagging of 'Denial Of Service' alongside 'Memory Corruption' is consistent with UAF behavior, which can manifest as either a bugcheck (BSOD) or, when exploited carefully, full SYSTEM-level code execution.

RemediationAI

Apply the security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583 as soon as it is released through Windows Update, WSUS, or your endpoint patch management tooling; exact KB numbers and build versions are published per Windows SKU on that page and were not provided in the input data. As compensating controls until patches can be deployed, restrict interactive and remote-desktop logon to trusted administrators on sensitive hosts (reduces the pool of attackers who can reach the local attack surface), enable Microsoft Defender Attack Surface Reduction rules that block child-process creation from Office and script hosts (raises the bar for getting any local code running), and ensure Credential Guard and HVCI/VBS are enabled where supported (HVCI specifically mitigates many kernel exploitation primitives but may impact older drivers and virtualization workloads). No patch version was provided in the input data, so confirm the exact fix build from MSRC before declaring systems remediated.

Share

CVE-2026-48583 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy