Skip to main content

Microsoft EUVDEUVD-2026-22619

| CVE-2026-33098 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:24 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22619
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Container Isolation FS Filter Driver affects all supported Windows 10, Windows 11, and Windows Server versions through use-after-free memory corruption. Low-complexity attack requires only low-privileged local access to achieve full system compromise (SYSTEM-level privileges). Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, but the low attack complexity (AC:L) and requirement for only low privileges

Technical ContextAI

The vulnerability resides in the Windows Container Isolation FS Filter Driver, a kernel-mode component responsible for filesystem isolation in Windows containers. The flaw is a use-after-free condition (CWE-416), a class of memory corruption vulnerability where the driver continues to reference memory after it has been deallocated. In kernel-mode drivers, use-after-free bugs are particularly dangerous because they execute with SYSTEM privileges and can bypass user-mode security boundaries. When exploited, an attacker can manipulate freed memory to control program execution flow or corrupt kernel data structures. The affected CPE strings indicate this vulnerability impacts the entire Windows ecosystem from legacy Windows 10 Version 1607 through the latest Windows 11 Version 26H1 and Windows Server 2025, suggesting the vulnerable code has been present across multiple Windows generations. The driver's role in container isolation means it's accessible to any authenticated user on systems with container features enabled, either through Docker, Hyper-V containers, or Windows Sandbox.

RemediationAI

Apply Microsoft's May 2026 security updates immediately through Windows Update or WSUS to remediate this vulnerability. Fixed versions include Windows 10 1607 build 10.0.14393.9060 or later, Windows 10 1809 build 10.0.17763.8644 or later, Windows 10 21H2 build 10.0.19044.7184 or later, Windows 10 22H2 build 10.0.19045.7184 or later, Windows 11 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 24H2 build 10.0.26100.32690 or later, Windows 11 25H2 build 10.0.26200.8246 or later, Windows 11 26H1 build 10.0.28000.1836 or later, Windows Server 2016 build 10.0.14393.9060 or later, Windows Server 2019 build 10.0.17763.8644 or later, Windows Server 2022 build 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition build 10.0.25398.2274 or later, and Windows Server 2025 build 10.0.26100.32690 or later. Download patches from Microsoft Update Catalog or configure automatic updates. No workarounds are available; patching is the only effective mitigation. Refer to the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33098 for deployment guidance and known issues.

Share

EUVD-2026-22619 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy