Severity by source
Sources disagree (Medium–Critical); vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Analysis (AI)
Windows Push Notifications on a broad range of Windows 10, Windows 11, and Windows Server editions leaks sensitive memory contents to locally authenticated, low-privileged users through an uninitialized resource condition (CWE-908). The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms a local attack vector, a low-privilege authentication requirement, no user interaction, and high confidentiality impact with no integrity or availability impact: an attacker who has already obtained a standard user account can read residual memory that could include tokens, credentials, or other sensitive artifacts. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires a locally authenticated account with standard (low-privileged) user rights on the target system, as confirmed by the CVSS vector AV:L/PR:L. … |
| Risk Assessment | The CVSS 5.5 (Medium) score reflects the constrained attack surface: AV:L requires physical or logical local access, PR:L requires a valid low-privileged account, and S:U means the impact stays within the security scope of the vulnerable component rather than extending to other components. … |
| Exploit Scenario | An attacker who has obtained a standard low-privileged Windows account, whether through credential theft, social engineering, or insider access, invokes the Push Notifications API on an unpatched system to trigger the uninitialized resource read path, capturing residual heap or stack memory contents that may include authentication tokens, session data, or other sensitive artifacts left by previously executing processes. No public proof-of-concept code has been identified, so exploitation would currently require independent vulnerability research to identify the precise triggering condition within the Push Notifications subsystem. |
| Remediation | Apply the Microsoft security update corresponding to your Windows version as detailed in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42969. … |
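The analysis and exploit scenario above describe the general CWE-908 pattern (a service hands back memory it never fully initialized, and residue from the previous user of that memory travels with it) without the page giving the actual triggering code. The following is an added illustration of that pattern in C, not the Windows Push Notifications code and not a reproduction of CVE-2026-42969: the record layouts, the single-chunk allocator, the sample token and every function name are hypothetical. It shows a handler that fills only the header fields of a reused chunk and copies the whole record to the caller, beside the fix that initializes the resource before use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of CWE-908 (use of uninitialized resource) as an
 * information-disclosure primitive. This is NOT the Windows Push
 * Notifications code and does not reproduce CVE-2026-42969; the record
 * layouts, the allocator and every function name here are hypothetical.
 * It models the general pattern: a service fills only part of a record
 * it hands back to a low-privileged caller, and whatever the previous
 * user of that memory left behind goes with it. */

/* Record a privileged operation stored earlier (the "prior tenant"). */
struct prior_record {
    uint32_t id;
    uint32_t flags;
    char     token[24];     /* e.g. a session token */
};

/* Reply record the handler returns to the caller. The handler only ever
 * sets status and len; payload is meant to be filled later or unused. */
struct reply {
    uint32_t status;
    uint32_t len;
    uint8_t  payload[24];   /* same offset and size as prior_record.token */
};

/* One reusable chunk standing in for a heap that hands freed memory back
 * without scrubbing it (malloc() makes no promise about contents). A union
 * keeps the type punning well-defined in C. */
static union chunk {
    struct prior_record prior;
    struct reply        reply;
    uint8_t             bytes[32];
} arena;

/* The prior tenant stores a token in the chunk, then "frees" it without
 * clearing it. `secret` is constructed sample data for the demo. */
static void prior_tenant_stores(const char *secret) {
    struct prior_record *p = &arena.prior;
    size_t n = strlen(secret);
    if (n > sizeof p->token) n = sizeof p->token;
    p->id = 7;
    p->flags = 1;
    memset(p->token, 0, sizeof p->token);
    memcpy(p->token, secret, n);
    /* no scrub on release: this is what makes the next allocation leaky */
}

/* True if the reply's payload carries the secret's bytes. */
static int reply_leaks(const struct reply *r, const char *secret) {
    size_t n = strlen(secret);
    if (n > sizeof r->payload) n = sizeof r->payload;
    return memcmp(r->payload, secret, n) == 0;
}

/* Vulnerable handler: populates the header fields of a freshly
 * "allocated" (reused, uninitialized) chunk and copies the whole record
 * out, stale payload bytes included. */
static void reply_vulnerable(struct reply *out) {
    struct reply *r = &arena.reply;   /* reuse without initialization */
    r->status = 0;
    r->len = 0;                       /* payload bytes never written */
    memcpy(out, r, sizeof *out);      /* copies stale payload to caller */
}

/* Fixed handler: zero the record before use (the CWE-908 remedy), so the
 * unwritten payload cannot carry residue. */
static void reply_fixed(struct reply *out) {
    struct reply *r = &arena.reply;
    memset(r, 0, sizeof *r);          /* initialize the whole resource */
    r->status = 0;
    r->len = 0;
    memcpy(out, r, sizeof *out);
}

/* Returns 1 if the vulnerable handler discloses the prior tenant's token. */
static int vulnerable_leaks(const char *secret) {
    struct reply out;
    prior_tenant_stores(secret);
    reply_vulnerable(&out);
    return reply_leaks(&out, secret);
}

/* Returns 1 if the fixed handler discloses the prior tenant's token. */
static int fixed_leaks(const char *secret) {
    struct reply out;
    prior_tenant_stores(secret);
    reply_fixed(&out);
    return reply_leaks(&out, secret);
}

int main(void) {
    const char *token = "SESSION-TOKEN-0xDEADBEEF";   /* constructed sample */
    printf("vulnerable handler leaks token: %d\n", vulnerable_leaks(token));
    printf("fixed handler leaks token:      %d\n", fixed_leaks(token));
    return 0;
}
```

Two remedies are worth distinguishing when reviewing real code of this shape: initializing the whole resource (the `memset` above, or a zeroing allocator) closes every field at once, whereas copying only the `len` bytes the handler actually wrote closes the leak for this call path but leaves any other consumer of the record exposed. Both belong in the fix when the record crosses a privilege boundary.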
Same weakness: CWE-908 – Use of Uninitialized Resource
Same technique: Information Disclosure
External POC / Exploit Code
- EUVD-2026-35730
- GHSA-rx6q-px4x-v8cf