Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows Sensor Data Service affects all supported Windows 10, Windows 11, and Windows Server versions through untrusted pointer dereference (CWE-822). Authenticated local attackers with low-privilege accounts can exploit this vulnerability with low complexity to gain SYSTEM-level privileges, achieving full compromise of confidentiality, integrity, and availability. Vendor-released patches are available across all affected product lines. No public exploit identified
Technical ContextAI
This vulnerability stems from CWE-822 (Untrusted Pointer Dereference), a memory corruption class where the Windows Sensor Data Service improperly validates pointer values before dereferencing them. The Sensor Data Service is a Windows component that manages sensor hardware interactions (accelerometers, GPS, ambient light sensors, etc.) and runs with elevated privileges. When processing sensor data or API calls, the service fails to adequately validate pointer addresses supplied by lower-privileged callers. An attacker can supply a crafted pointer that, when dereferenced by the privileged service, redirects execution flow or corrupts critical memory structures. Because the service operates in the SYSTEM security context, successful exploitation allows arbitrary code execution with the highest Windows privilege level. The vulnerability affects the sensor framework implementation spanning Windows 10 version 1809 through Windows 11 version 26H1 and all contemporary Windows Server editions (2019, 2022, 2025), indicating a longstanding architectural weakness in the sensor data handling subsystem rather than a recently introduced bug.
RemediationAI
Apply the vendor-released security updates immediately through Windows Update or WSUS. Patched versions are Windows 10 1809 build 10.0.17763.8644 or later, Windows 10 21H2 build 10.0.19044.7184 or later, Windows 10 22H2 build 10.0.19045.7184 or later, Windows 11 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 24H2 build 10.0.26100.32690 or later, Windows 11 25H2 build 10.0.26200.8246 or later, Windows 11 26H1 build 10.0.28000.1836 or later, Windows Server 2019 build 10.0.17763.8644 or later, Windows Server 2022 build 10.0.20348.5020 or later, Windows Server 2022 23H2 build 10.0.25398.2274 or later, and Windows Server 2025 build 10.0.26100.32690 or later. Microsoft's official update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26161 contains downloadable patches and deployment instructions. No workarounds are documented; patching is the only effective mitigation. Organizations unable to patch immediately should review local user permissions and restrict interactive logon rights to trusted accounts only, though this provides limited protection given the low privilege requirement.
Same weakness CWE-822 – Untrusted Pointer Dereference
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22386
GHSA-9jjg-8mxf-5rr7