Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
8.0 HIGH

Guest-to-host path is adjacent rather than truly remote (AV:A), UAF needs a memory-reuse race (AC:H), and a guest foothold is required (PR:L), with full host impact and scope change.

3.1 AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 18:58 vuln.today
CVE Published
Jul 14, 2026 - 17:09 nvd
CRITICAL 9.9

DescriptionCVE.org

Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.

AnalysisAI

Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating from a guest partition corrupt kernel memory via a use-after-free and gain higher privileges, with a scope change (S:C) indicating a guest-to-host escape. Rated CVSS 9.9 and affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, this issue was reported by Microsoft and has a vendor patch available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-priv access in guest VM
Delivery
Send crafted virtual switch traffic
Exploit
Trigger use-after-free in vmswitch.sys
Execution
Reclaim freed kernel object with controlled data
Persist
Corrupt host-partition kernel memory
Impact
Escalate to SYSTEM and escape to host

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated foothold able to interact with the Hyper-V VMSwitch driver - in practice, code execution inside a guest VM or another low-privilege context on a host running the Hyper-V virtual switch (CVSS PR:L confirms a low privilege level is needed, not unauthenticated access). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are largely consistent and point to a genuine high priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already compromised or been granted access to a low-privilege guest VM on a Hyper-V host sends crafted virtual network operations that trigger the use-after-free in vmswitch.sys, grooming kernel memory to reclaim the freed object with attacker-controlled data. Successful exploitation corrupts host-partition kernel memory and escalates from guest context to SYSTEM-level control of the host, breaking VM isolation. …
Remediation Patch available per vendor advisory: apply the Microsoft security updates for CVE-2026-57092 to every affected client and server SKU via the MSRC update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57092, prioritizing Hyper-V hosts and any Windows Server systems running the Hyper-V role. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all systems running Windows Hyper-V across your infrastructure, including Windows 10 (1607 through current), Windows 11, and Windows Server (2012 through 2025), and catalog which systems host production workloads or untrusted guest VMs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56155 HIGH POC
7.8 Jul 14

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-p

CVE-2026-49798 CRITICAL POC
9.3 Jul 14

Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-leve

CVE-2026-50489 HIGH POC
8.8 Jul 14

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-a

CVE-2026-54128 HIGH POC
8.4 Jul 14

Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw aff

CVE-2026-54992 HIGH POC
8.4 Jul 14

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and s

CVE-2026-50667 HIGH POC
7.8 Jul 14

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTE

CVE-2026-50655 HIGH POC
7.8 Jul 14

Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 throug

CVE-2026-56188 CRITICAL
9.8 Jul 14

Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthoriz

CVE-2026-56190 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary

CVE-2026-56159 CRITICAL
9.8 Jul 14

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr

CVE-2026-50518 CRITICAL
9.8 Jul 14

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr

CVE-2026-50447 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary co

Share

CVE-2026-57092 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy