Skip to main content

Windows ProjFS EUVDEUVD-2026-35533

| CVE-2026-42828 HIGH
Buffer Over-read (CWE-126)
2026-06-09 secure@microsoft.com GHSA-f9fc-826q-m9w2
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:36 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver enables an authorized low-privileged user to elevate to higher privileges through a buffer over-read condition. The flaw affects Microsoft Windows installations where the ProjFS filter driver is present, and exploitation yields high impact across confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local account
Delivery
Open handle to ProjFS driver
Exploit
Send crafted IOCTL triggering over-read
Execution
Leak kernel memory to bypass KASLR
Persist
Drive primitive to kernel write
Impact
Elevate to SYSTEM

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold valid low-privileged interactive or programmatic access on the target Windows host (CVSS PR:L, AV:L) and requires the Windows Projected File System optional feature to be enabled so that prjflt.sys is loaded and reachable - ProjFS is not enabled by default on all SKUs and is most commonly present on developer workstations and build servers running VFS for Git/Scalar. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 7.8 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates a local, low-complexity attack requiring an already-authenticated low-privileged user, with no user interaction, and full CIA impact within the same scope - a textbook local elevation of privilege profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first obtains low-privileged code execution on a Windows host - for example, via a phished user account, a compromised service account, or a foothold from another vulnerability - then runs a small native binary that opens a handle to the ProjFS driver and issues crafted IOCTL or callback inputs that trigger the over-read. The leaked kernel memory is used to defeat KASLR and/or pivot into an elevation primitive, ultimately yielding SYSTEM-level execution that enables credential theft and lateral movement. …
Remediation Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42828 via the monthly Patch Tuesday cumulative update for the affected Windows release - patch available per vendor advisory, with exact fix build numbers documented in that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Windows systems with ProjFS filter driver enabled; enable detailed audit logging for privilege escalation attempts and process creation events. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-35533 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy