Skip to main content

Microsoft EUVDEUVD-2026-22501

| CVE-2026-32074 HIGH
Double Free (CWE-415)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:31 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22501
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation via double free vulnerability in Windows Projected File System (ProjFS) enables low-privileged authenticated users to achieve SYSTEM-level access across Windows 10, Windows 11, and Windows Server environments. The CWE-415 memory corruption flaw requires low attack complexity and no user interaction, affecting all actively supported Windows versions from legacy 1809 builds through current 26H1 releases. Vendor-released patches are available with build numbers confirmed

Technical ContextAI

Windows Projected File System (ProjFS) is a Windows kernel component introduced in Windows 10 version 1809 that enables user-mode applications to project hierarchical data into the file system namespace, commonly used by virtualization tools like Git VFS and cloud storage providers. The vulnerability stems from a CWE-415 double free condition, where the same memory region is deallocated twice, leading to heap corruption. This class of memory safety defect can result in arbitrary code execution when exploited, as the freed memory can be reallocated and manipulated before the second free operation occurs. The vulnerability resides in kernel-mode code (evidenced by the privilege escalation impact), meaning successful exploitation grants attackers the ability to execute code with SYSTEM privileges, bypassing Windows security boundaries including User Account Control, Protected Processes, and integrity level restrictions.

RemediationAI

Apply Microsoft security updates immediately through Windows Update or enterprise deployment mechanisms. Patched versions that resolve CVE-2026-32074 include Windows Server 2019 build 10.0.17763.8644 or later, Windows 10 Version 1809 build 10.0.17763.8644 or later, Windows 10 Version 21H2 build 10.0.19044.7184 or later, Windows 10 Version 22H2 build 10.0.19045.7184 or later, Windows 11 Version 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 Version 24H2 build 10.0.26100.32690 or later, Windows 11 Version 25H2 build 10.0.26200.8246 or later, Windows 11 Version 26H1 build 10.0.28000.1836 or later, Windows Server 2022 build 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition build 10.0.25398.2274 or later, and Windows Server 2025 build 10.0.26100.32690 or later. Consult the Microsoft Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32074 for deployment guidance. No effective workarounds exist that maintain ProjFS functionality; organizations unable to immediately patch should implement compensating controls including strict user privilege management, enhanced monitoring of privilege escalation attempts via Event ID 4672 and 4673, and network segmentation to limit lateral movement from compromised low-privilege accounts.

Share

EUVD-2026-22501 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy