Skip to main content

Windows Subsystem for Linux EUVDEUVD-2026-44279

| CVE-2026-57968 HIGH
Buffer Over-read (CWE-126)
2026-07-14 microsoft GHSA-ffj6-89cj-pgr8
7.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local EoP needing an existing standard-user foothold gives AV:L/PR:L, no bounds or interaction hurdles gives AC:L/UI:N, and successful elevation yields full C/I/A high with no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 18:54 vuln.today
CVE Published
Jul 14, 2026 - 17:09 nvd
HIGH 7.8

DescriptionCVE.org

Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft's Windows Subsystem for Linux (WSL2) allows a low-privileged authenticated user on the Windows host to elevate to higher privileges by triggering a buffer over-read (CWE-126). Microsoft (the reporting vendor) has released a fix via MSRC, and there is no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-priv local access on WSL host
Delivery
Invoke vulnerable WSL2 interop path
Exploit
Send crafted input triggering buffer over-read
Execution
Corrupt or leak privileged memory
Impact
Elevate to higher privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have local, authenticated access to the Windows host with at least low-level privileges (PR:L) and requires that WSL2 be installed and enabled on that host - a non-default component that must be explicitly added by the user or administrator. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H yields 7.8 (High): exploitation is local (AV:L), low complexity (AC:L), requires low privileges (PR:L), needs no user interaction (UI:N), does not cross a scope boundary (S:U), and grants full high impact across CIA. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained low-privileged code execution on a Windows machine with WSL2 installed (for example via phishing or a compromised standard user account) invokes the vulnerable WSL interop/service path with crafted input that triggers the buffer over-read, corrupting or leaking privileged memory to elevate to higher privileges. No user interaction is required and attack complexity is low. …
Remediation Patch available per vendor advisory: apply the Microsoft-released update referenced in the MSRC update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57968 (exact fixed version not enumerated in the provided data - obtain it from the MSRC page). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all Windows systems with WSL2 enabled across the organization and prioritize critical servers and developer workstations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy