Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
AnalysisAI
Windows Kernel logs sensitive information that can be read by local authenticated users, allowing information disclosure on Windows 10 and Windows 11 systems across multiple versions as well as Windows Server 2012 through 2025. The vulnerability requires local access and valid user credentials (privilege level L) but results in high confidentiality impact. Microsoft has released patches for all affected versions.
Technical ContextAI
This vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File), a weakness in the Windows Kernel's logging mechanisms. The kernel inadvertently writes sensitive data to log files that are accessible by authenticated local users with standard privileges. Unlike many kernel vulnerabilities that require escalation or bypass of security boundaries, this flaw exposes data through a design issue in what information is logged and who can read those logs. The affected systems span Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server editions (2012 through 2025), indicating the issue is systemic across multiple kernel versions.
RemediationAI
Patch available from Microsoft via the official update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32217. Apply the cumulative security updates specified for your Windows version as indicated in the EUVD affected versions list; for example, Windows 10 Version 22H2 requires update to build 10.0.19045.7184 or later, Windows 11 Version 24H2 requires build 10.0.26100.32690 or later, and Windows Server 2022 requires build 10.0.20348.5020 or later. Organizations unable to patch immediately should restrict local user access to systems containing sensitive data and review kernel log file permissions to ensure only authorized administrators can read them. Deployment through Windows Update or WSUS is the standard remediation path for Windows client and server systems.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22601
GHSA-454m-v4gh-w6c2