Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
AnalysisAI
Windows Kernel double free vulnerability enables local privilege escalation across Windows 10, 11, and Server editions when exploited by authenticated users with low-level privileges. The CWE-415 flaw affects all currently supported Windows versions from legacy Windows Server 2012 R2 through the latest Windows 11 26H1 and Windows Server 2025 builds. With CVSS 7.8 (AV:L/AC:L/PR:L), the vulnerability requires only local access and low-privilege authentication, making it valuable for second-stage a
Technical ContextAI
This vulnerability stems from a double free condition (CWE-415) in the Windows Kernel, where memory is deallocated twice, leading to heap corruption. Double free vulnerabilities occur when a program attempts to free the same memory pointer multiple times, typically due to improper reference counting or error handling in kernel memory management routines. In Windows Kernel context, this affects core system memory management across the NT kernel architecture that underpins both client and server Windows versions. The vulnerability impacts kernel-mode components where memory handling errors can compromise the security boundary between user mode and kernel mode. The broad CPE coverage spanning Windows 10 versions 1607 through 22H2, all Windows 11 versions (22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012 R2 through 2025 indicates the flaw exists in shared kernel memory management code maintained across multiple Windows release branches. Memory corruption in kernel space provides attackers the ability to manipulate kernel objects, bypass security checks, and execute arbitrary code with SYSTEM privileges.
RemediationAI
Apply Microsoft's security updates immediately through Windows Update or WSUS to upgrade to patched builds. For Windows 10 systems, update to builds 10.0.14393.9060 (1607), 10.0.17763.8644 (1809), 10.0.19044.7184 (21H2), or 10.0.19045.7184 (22H2). Windows 11 users should update to builds 10.0.22631.6936 (22H3/23H2), 10.0.26100.32690 (24H2), 10.0.26200.8246 (25H2), or 10.0.28000.1836 (26H1). Server administrators must patch to builds 6.3.9600.23132 (Server 2012 R2), 10.0.14393.9060 (Server 2016), 10.0.17763.8644 (Server 2019), 10.0.20348.5020 (Server 2022), 10.0.25398.2274 (Server 2022 23H2), or 10.0.26100.32690 (Server 2025). Prioritize patching for domain controllers, internet-facing systems, and servers accessible to lower-privileged users. No effective workarounds exist for kernel vulnerabilities; patching is the only reliable remediation. Full patch details available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26163.
Same weakness CWE-415 – Double Free
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22390