Skip to main content

Microsoft EUVDEUVD-2026-22366

| CVE-2026-23670 MEDIUM
Untrusted Pointer Dereference (CWE-822)
2026-04-14 microsoft GHSA-4x89-432c-cm9x
5.7
CVSS 3.1 · NVD
Temporal: 5.0
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CIRCL (temporal)
5.0 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:40 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22366
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:56 nvd
MEDIUM 5.7

DescriptionCVE.org

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

AnalysisAI

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows authorized local attackers to bypass security features, affecting Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016-2025. With a CVSS score of 5.7 and high privilege requirement (PR:H), the vulnerability requires administrative or high-privilege account access but presents significant confidentiality and integrity risk to isolated security domai

Technical ContextAI

Windows Virtualization-Based Security (VBS) Enclaves are isolated execution environments that enforce security policies independently of the kernel, using hardware virtualization features to prevent unauthorized code execution and data exfiltration. The vulnerability stems from CWE-822 (Untrusted Pointer Dereference), where improper validation of pointer references within the enclave allows an authenticated high-privilege attacker to dereference malicious or invalid pointers, corrupting enclave memory state or bypassing enclave-enforced isolation boundaries. VBS Enclaves are used to protect sensitive operations such as credential storage, attestation, and Windows Defender Credential Guard functionality. The affected CPE strings span multiple Windows 10 and 11 versions as well as Windows Server 2016-2025, indicating a systemic issue in VBS pointer handling across multiple OS release branches.

RemediationAI

Apply vendor-released security updates immediately. For Windows 10 Version 1607 and Windows Server 2016, update to build 10.0.14393.9060 or later. For Windows 10 Version 1809 and Windows Server 2019, update to build 10.0.17763.8644 or later. For Windows 10 Version 21H2, update to build 10.0.19044.7184 or later. For Windows 10 Version 22H2, update to build 10.0.19045.7184 or later. For Windows 11 Version 22H3 and Windows 11 Version 23H2, update to build 10.0.22631.6936 or later. For Windows 11 Version 24H2, update to build 10.0.26100.32690 or later. For Windows 11 Version 25H2, update to build 10.0.26200.8246 or later. For Windows 11 Version 26H1, update to build 10.0.28000.1836 or later. For Windows Server 2022, update to build 10.0.20348.5020

Share

EUVD-2026-22366 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy