Skip to main content

Windows NTFS EUVDEUVD-2026-35559

| CVE-2026-45636 HIGH
Improper Input Validation (CWE-20)
2026-06-09 secure@microsoft.com GHSA-6798-vf82-f698
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:07 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

AnalysisAI

Local code execution in Windows NTFS allows an unauthorized attacker to run arbitrary code on the target system by triggering a heap-based buffer overflow, with no public exploit identified at time of analysis. The CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability, but exploitation requires local vector and user interaction. Microsoft (secure@microsoft.com) is the assigning CNA, indicating a first-party vendor advisory via MSRC.

Technical ContextAI

NTFS (New Technology File System) is the default file system driver for Windows, implemented in the kernel-mode ntfs.sys driver. CWE-20 (Improper Input Validation) is the assigned root cause class, manifesting here as a heap-based buffer overflow - meaning attacker-controlled input is not properly validated for size or structure before being written to a heap allocation, corrupting adjacent memory. Because NTFS parsing runs in kernel context, memory corruption in this code path is a classic vector for local privilege escalation and kernel code execution. No CPE strings were provided in the input, so the precise affected Windows builds must be retrieved from the MSRC advisory.

RemediationAI

Patch available per vendor advisory: apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45636, which lists the exact KB numbers for each affected Windows SKU; exact fix build numbers were not included in the input data and must be retrieved from MSRC. Until the update is deployed, compensating controls include blocking the mounting of untrusted external volumes and disk images (group policy can restrict removable storage and disable automount of VHD/VHDX files, at the cost of blocking legitimate external drive use), restricting the ability of standard users to open arbitrary file attachments via attachment manager and Mark-of-the-Web enforcement, and monitoring endpoint telemetry for NTFS parser crashes and ntfs.sys faults that may indicate exploitation attempts. Avoid disabling NTFS itself, as it is the primary Windows file system and not a feasible workaround.

Share

EUVD-2026-35559 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy