Skip to main content

Microsoft EUVDEUVD-2026-22386

| CVE-2026-26161 HIGH
Untrusted Pointer Dereference (CWE-822)
2026-04-14 microsoft GHSA-9jjg-8mxf-5rr7
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:13 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22386
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Sensor Data Service affects all supported Windows 10, Windows 11, and Windows Server versions through untrusted pointer dereference (CWE-822). Authenticated local attackers with low-privilege accounts can exploit this vulnerability with low complexity to gain SYSTEM-level privileges, achieving full compromise of confidentiality, integrity, and availability. Vendor-released patches are available across all affected product lines. No public exploit identified

Technical ContextAI

This vulnerability stems from CWE-822 (Untrusted Pointer Dereference), a memory corruption class where the Windows Sensor Data Service improperly validates pointer values before dereferencing them. The Sensor Data Service is a Windows component that manages sensor hardware interactions (accelerometers, GPS, ambient light sensors, etc.) and runs with elevated privileges. When processing sensor data or API calls, the service fails to adequately validate pointer addresses supplied by lower-privileged callers. An attacker can supply a crafted pointer that, when dereferenced by the privileged service, redirects execution flow or corrupts critical memory structures. Because the service operates in the SYSTEM security context, successful exploitation allows arbitrary code execution with the highest Windows privilege level. The vulnerability affects the sensor framework implementation spanning Windows 10 version 1809 through Windows 11 version 26H1 and all contemporary Windows Server editions (2019, 2022, 2025), indicating a longstanding architectural weakness in the sensor data handling subsystem rather than a recently introduced bug.

RemediationAI

Apply the vendor-released security updates immediately through Windows Update or WSUS. Patched versions are Windows 10 1809 build 10.0.17763.8644 or later, Windows 10 21H2 build 10.0.19044.7184 or later, Windows 10 22H2 build 10.0.19045.7184 or later, Windows 11 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 24H2 build 10.0.26100.32690 or later, Windows 11 25H2 build 10.0.26200.8246 or later, Windows 11 26H1 build 10.0.28000.1836 or later, Windows Server 2019 build 10.0.17763.8644 or later, Windows Server 2022 build 10.0.20348.5020 or later, Windows Server 2022 23H2 build 10.0.25398.2274 or later, and Windows Server 2025 build 10.0.26100.32690 or later. Microsoft's official update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26161 contains downloadable patches and deployment instructions. No workarounds are documented; patching is the only effective mitigation. Organizations unable to patch immediately should review local user permissions and restrict interactive logon rights to trusted accounts only, though this provides limited protection given the low privilege requirement.

Share

EUVD-2026-22386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy