Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
AnalysisAI
Windows Kernel logs sensitive information that authenticated local users can read, enabling information disclosure on Windows 10 (versions 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), Windows Server 2022, and Windows Server 2025. An attacker with local user privileges can access kernel log files to retrieve confidential data such as credentials, cryptographic material, or system secrets. Microsoft has released patches addressing this log injection vulnerability; no public exploit code or active exploitation has been confirmed.
Technical ContextAI
The vulnerability (CWE-532: Insertion of Sensitive Information Into Log File) exists in the Windows Kernel logging subsystem, where sensitive data is written to accessible log files without proper sanitization or encryption. The Windows Kernel uses event logging and diagnostic logging mechanisms that may contain unencrypted or plaintext credentials, API keys, or other confidential information. An authenticated local user with standard privileges can read these kernel logs through standard Windows log-viewing utilities or by directly accessing log file storage locations. This is not a memory corruption or elevation-of-privilege flaw, but a data-handling weakness in how the Kernel manages logging output.
RemediationAI
Microsoft has released security updates addressing this vulnerability. Apply the vendor patch immediately via Windows Update or manual download from the Microsoft Security Response Center (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32218). For Windows 10 21H2, update to build 10.0.19044.7184 or later; for Windows 10 22H2, update to build 10.0.19045.7184 or later. Windows 11 22H3 and 23H2 require build 10.0.22631.6936 or later; Windows 11 24H2 requires build 10.0.26100.32690 or later; Windows 11 25H2 requires build 10.0.26200.8246 or later; Windows 11 26H1 requires build 10.0.28000.1836 or later. Windows Server 2022 requires build 10.0.20348.5020 or later; Windows Server 2022 23H2 Server Core requires build 10.0.25398.2274 or later; Windows Server 2025 and 2025 Server Core require build 10.0.26100.32690 or later. As an interim mitigation, restrict local user access to kernel log files and enable auditing of log file access on systems handling sensitive data.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22603
GHSA-4xm9-mm3c-5883