Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free condition (CWE-416). The flaw carries a CVSS 7.8 score with local attack vector and low privileges required, and no public exploit has been identified at time of analysis. Microsoft Security Response Center (MSRC) is the sole referenced authoritative source, indicating this is a vendor-discovered and vendor-tracked issue.
Technical ContextAI
The vulnerability resides in the Windows Kernel - the privileged core of the NT operating system responsible for memory management, process scheduling, and hardware abstraction. CWE-416 (Use After Free) describes a memory-safety defect where code references heap memory after it has been deallocated; in a kernel context, attackers can reclaim the freed object with attacker-controlled data, manipulate dangling pointers, and corrupt kernel structures to gain arbitrary kernel-mode read/write or execution primitives. The tagging of 'Denial Of Service' alongside 'Memory Corruption' is consistent with UAF behavior, which can manifest as either a bugcheck (BSOD) or, when exploited carefully, full SYSTEM-level code execution.
RemediationAI
Apply the security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583 as soon as it is released through Windows Update, WSUS, or your endpoint patch management tooling; exact KB numbers and build versions are published per Windows SKU on that page and were not provided in the input data. As compensating controls until patches can be deployed, restrict interactive and remote-desktop logon to trusted administrators on sensitive hosts (reduces the pool of attackers who can reach the local attack surface), enable Microsoft Defender Attack Surface Reduction rules that block child-process creation from Office and script hosts (raises the bar for getting any local code running), and ensure Credential Guard and HVCI/VBS are enabled where supported (HVCI specifically mitigates many kernel exploitation primitives but may impact older drivers and virtualization workloads). No patch version was provided in the input data, so confirm the exact fix build from MSRC before declaring systems remediated.
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35527
GHSA-87hw-q346-25ww