Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
HIGH
qualitative
NVD
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local-only UAF in a privileged service requires an authenticated low-priv account (PR:L) and a race win (AC:H); success yields full local C/I/A compromise.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 18:42 vuln.today
CVE Published
Jul 14, 2026 - 17:10 nvd
HIGH 7.0

DescriptionNVD

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Microsoft Windows Client-Side Caching (CSC) Service, driven by a use-after-free (CWE-416) memory-corruption flaw affecting Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. An authorized attacker who already holds low-level privileges (PR:L) on the host can trigger the freed-object reuse to gain elevated, likely SYSTEM-level, privileges. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged local user
Delivery
Invoke CSC/Offline Files service
Exploit
Trigger use-after-free race in cscsvc
Execution
Reallocate freed object with controlled data
Persist
Execute code in service context
Impact
Elevate to SYSTEM privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires an already-authenticated local presence on the target: the CVSS vector is AV:L (no remote/network trigger) and PR:L (a valid low-privileged local account is needed), with UI:N (no victim interaction). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a moderate-severity, patch-now-on-normal-cadence issue rather than a fire-drill. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained a low-privileged foothold on a Windows host (for example, via phishing or a compromised standard user account) invokes the Client-Side Caching service and races its object lifecycle to trigger the use-after-free, reallocating the freed memory with attacker-controlled data. Because AC:H, the exploit likely needs multiple attempts to win the timing/heap-grooming race, but on success it elevates the attacker to the service's privileged (SYSTEM-level) context. …
Remediation Apply the Microsoft security update for CVE-2026-58637 (Patch available per vendor advisory) for each affected SKU via Windows Update / WSUS / your patch-management tooling; the authoritative fix and per-SKU KB numbers are published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58637. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Windows 10 (builds 1607-22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server (2012-2025) systems to identify exposure; coordinate with infrastructure teams and prioritize high-value targets (domain controllers, sensitive data repositories). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56155 HIGH POC
7.8 Jul 14

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-p

CVE-2026-49798 CRITICAL POC
9.3 Jul 14

Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-leve

CVE-2026-50489 HIGH POC
8.8 Jul 14

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-a

CVE-2026-54128 HIGH POC
8.4 Jul 14

Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw aff

CVE-2026-54992 HIGH POC
8.4 Jul 14

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and s

CVE-2026-50667 HIGH POC
7.8 Jul 14

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTE

CVE-2026-50655 HIGH POC
7.8 Jul 14

Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 throug

CVE-2026-57092 CRITICAL
9.9 Jul 14

Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating

CVE-2026-56188 CRITICAL
9.8 Jul 14

Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthoriz

CVE-2026-56190 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary

CVE-2026-56159 CRITICAL
9.8 Jul 14

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr

CVE-2026-50518 CRITICAL
9.8 Jul 14

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr

Share

CVE-2026-58637 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy