Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Windows WalletService across Server 2016 through Server 2025 allows low-privileged authenticated attackers to gain SYSTEM-level access by exploiting a use-after-free memory corruption flaw. Attack complexity is high (CVSS AC:H), requiring precise timing or race condition exploitation. Patch available per vendor advisory (MSRC). No public exploit identified at time of analysis, EPSS data not provided.
Technical ContextAI
CWE-416 use-after-free vulnerabilities occur when a program continues to use a memory pointer after the memory has been freed, leading to memory corruption. In WalletService-a Windows component handling payment credential storage and secure transactions-this flaw allows manipulation of freed memory to corrupt program state. Affects Windows Server 2016 (build 10.0.14393.0 to <10.0.14393.9060), Server 2019 (10.0.17763.0 to <10.0.17763.8644), Server 2022 (10.0.20348.0 to <10.0.20348.5020 and 23H2 10.0.25398.0 to <10.0.25398.2274), and Server 2025 (10.0.26100.0 to <10.0.26100.32690), including Server Core installations. The local attack vector (AV:L) combined with high attack complexity suggests exploitation requires detailed system knowledge, precise timing of memory operations, or winning a race condition between free and reuse operations.
RemediationAI
Apply Microsoft security updates immediately to patch the WalletService use-after-free vulnerability. Fixed versions: Windows Server 2016 update to 10.0.14393.9060 or later, Windows Server 2019 update to 10.0.17763.8644 or later, Windows Server 2022 update to 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition update to 10.0.25398.2274 or later, and Windows Server 2025 update to 10.0.26100.32690 or later. Deploy patches through Windows Update, WSUS, or Microsoft Update Catalog following standard change management procedures. Consult the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32080 for detailed update packages and installation guidance. No workarounds identified; patching is the only effective mitigation. Prioritize servers with Remote Desktop access or multiple local users, then proceed to isolated infrastructure.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22512
GHSA-39cm-frwr-45jg