Severity by source
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows Push Notifications service affects Windows 10 21H2/22H2, Windows 11 22H3-26H1, and Windows Server 2022/2025 via race condition vulnerability. Authenticated low-privilege attackers can gain SYSTEM-level privileges through improper synchronization during concurrent operations (CWE-362). CVSS 7.8 (High) with high attack complexity (AC:H) and scope change (S:C). No public exploit identified at time of analysis. Microsoft released patches in January 2026 security
Technical ContextAI
This vulnerability stems from a race condition (CWE-362) in the Windows Push Notifications (WPN) service, a core Windows component responsible for handling toast notifications, live tiles, and push notification delivery to applications. Race conditions occur when multiple threads or processes access shared resources without proper synchronization primitives (mutexes, semaphores, critical sections). The CVSS vector indicates local access (AV:L) with changed scope (S:C), suggesting the vulnerability allows escaping the security context of the WPN service to impact resources beyond its privilege boundary. The WPN service typically runs with elevated privileges to interact with user sessions and system resources, making it an attractive target for privilege escalation. The high attack complexity (AC:H) suggests exploitation requires precise timing or specific system conditions, characteristic of time-of-check-time-of-use (TOCTOU) vulnerabilities or similar synchronization flaws. Affected products span Windows 10 builds 19044/19045, Windows 11 builds 22631/26100/26200/28000, and Windows Server 2022/2025 (builds 20348/25398/26100), indicating the vulnerable code exists across multiple Windows NT kernel branches.
RemediationAI
Apply Microsoft's January 2026 security updates immediately through Windows Update or WSUS to install patched versions: Windows 10 21H2 to build 10.0.19044.7184 or later, Windows 10 22H2 to build 10.0.19045.7184 or later, Windows 11 22H3/23H2 to build 10.0.22631.6936 or later, Windows 11 24H2 to build 10.0.26100.32690 or later, Windows 11 25H2 to build 10.0.26200.8246 or later, Windows 11 26H1 to build 10.0.28000.1836 or later, Windows Server 2022 to build 10.0.20348.5020 or later, Windows Server 2022 23H2 to build 10.0.25398.2274 or later, and Windows Server 2025 to build 10.0.26100.32690 or later. No workarounds are documented in the Microsoft advisory. Verification can be performed by checking system build number via winver.exe or systeminfo command. For air-gapped or disconnected systems, obtain offline update packages from Microsoft Update Catalog. Detailed patch deployment guidance available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172.
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22406