Skip to main content

Information Disclosure

66580 CVEs technique

Monthly

CVE-2026-50420 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2026-50438 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.

Microsoft Information Disclosure Microsoft Pc Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50453 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2026-50431 MEDIUM PATCH This Month

Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50399 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50456 MEDIUM PATCH This Month

Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50389 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50442 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50473 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50462 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50441 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) lets an authenticated local attacker gain elevated (SYSTEM-level) privileges by triggering an untrusted pointer dereference in the ReFS driver. It affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is currently patch-and-move rather than emergency.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50409 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50402 HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50455 MEDIUM PATCH This Month

Local information disclosure in Windows Universal Plug and Play (upnp.dll) exposes sensitive memory contents to authorized low-privilege users across a wide range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from use of an uninitialized resource (CWE-908), meaning the UPnP service reads from memory that has not been properly initialized before use, potentially leaking stale heap or stack contents. No active exploitation has been confirmed and no public exploit code has been identified at time of analysis; a vendor patch is available via the Microsoft Security Response Center.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +14
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50367 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50421 HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50422 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50385 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the improperly synchronized handling of a shared resource lets an already-authenticated attacker win a timing window to gain higher privileges. Microsoft reported and patched the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 8.8 with scope-changed impact reflects that a low-privileged local user could reach full SYSTEM-level control of confidentiality, integrity, and availability.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-50469 HIGH PATCH This Week

Local privilege escalation in the Windows Projected File System (ProjFS) driver lets an authenticated low-privileged attacker abuse a symbolic-link/junction race (CWE-59 link following) to redirect a privileged file operation and gain SYSTEM-level rights across Windows 10 (1809-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50437 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50382 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in the Windows DirectX graphics component (CVE-2026-50382) lets an already-authenticated user run arbitrary code and, because the CVSS scope is Changed, break out of the calling security context to compromise the wider system. It affects a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50352 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50334 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50405 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Filtering Platform (WFP) lets an authenticated low-privileged user gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rooted in insufficient access-control granularity (CWE-1220), a local attacker with a valid session can manipulate WFP to reach SYSTEM-level access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates the confidentiality, integrity, and availability impact as High.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50376 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-50401 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50378 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Key Guard affecting Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 allows an already-authenticated local attacker to win a race condition (CWE-362) and gain higher privileges. Reported by Microsoft with a patch now available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 rating reflects full confidentiality, integrity, and availability impact once the timing window is exploited.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50403 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local attacker to win a race condition and gain higher privileges. The flaw was reported by Microsoft, which has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS complexity (AC:H) reflects that the attacker must reliably win a timing window, tempering real-world exploitability despite the full compromise of confidentiality, integrity, and availability once triggered.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50463 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50379 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an authorized attacker to win a race condition and gain higher privileges over a network. The CVSS 3.1 base score is 7.5 with full confidentiality, integrity, and availability impact, though the high attack complexity reflects the timing precision needed to exploit the flaw. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-50414 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authorized (PR:L) network attacker to win a race condition and gain higher privileges, with full confidentiality, integrity, and availability impact. Microsoft self-reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. High attack complexity (AC:H) reflects the timing precision needed to exploit the race reliably.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-50398 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to win a race condition and gain higher privileges over the network. The CVSS 3.1 score of 8.8 reflects low-privilege network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV, though Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-50371 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows via the LUAFV (LUA File Virtualization, luafv.sys) driver allows an already-authenticated low-privileged user to win a timing race and elevate to SYSTEM/administrator on affected Windows client and server builds. The flaw stems from improper synchronization around a shared resource (CWE-362) and carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting a local, high-complexity attack. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50388 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50428 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure Windows 11 Version 26H1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-50416 LOW PATCH Exploit Unlikely Monitor

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2026-50404 HIGH PATCH This Week

Local privilege elevation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain higher privileges on the host. The flaw is a concurrency/synchronization defect (CWE-362) reported by Microsoft itself; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is rated high-complexity because the attacker must reliably win a timing window, which tempers the otherwise high confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50317 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an authorized attacker to win a race condition on an improperly synchronized shared resource and elevate to higher privileges. Reported by Microsoft with a vendor patch available, there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV. The CVSS 7.8 (High) reflects full confidentiality, integrity and availability impact once local, low-privilege access is obtained.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50361 HIGH PATCH This Week

Local privilege elevation in the Windows Brokering File System (bfs.sys/brokering component) lets an authenticated low-privileged user corrupt kernel memory via a double free (CWE-415) to gain SYSTEM-level privileges on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A Microsoft-released patch is available. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; EPSS data was not provided.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50322 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource allows an already-authenticated low-privileged attacker to win a timing window and elevate to higher privileges. Exploitation requires winning a non-deterministic race (AC:H) and low-level access to the target host (PR:L, AV:L), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has published an advisory and released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50345 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to win a race condition and gain higher privileges. The flaw stems from improper synchronization of a shared resource (CWE-362); successful exploitation yields high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50390 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel (CVE-2026-50390) lets an already-authenticated attacker abuse a type-confusion condition to run code with elevated (SYSTEM-level) privileges on affected Windows client and server builds ranging from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. Microsoft has shipped a fix and there is no public exploit identified at time of analysis, but as a kernel EoP it is a classic second-stage building block for turning a foothold into full host compromise. CVSS is 7.0 (High), reflecting high attack complexity but full confidentiality, integrity, and availability impact once triggered.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50377 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50357 HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50310 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-50430 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50339 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50434 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50321 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows USB Driver (kernel-mode) lets an already-authenticated low-privileged user win a race condition (CWE-362) to elevate to SYSTEM. The flaw spans a broad Windows fleet from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50440 HIGH PATCH This Week

Local privilege escalation in the Windows Audio Service (Windows 11 versions 24H2, 25H2, and 26H1) lets an authenticated low-privileged user win a race condition to elevate to SYSTEM-level privileges. The flaw is a concurrent-access synchronization defect (CWE-362) reported by Microsoft with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because Audio Service runs as a privileged host process on virtually every Windows 11 desktop, this is a broadly relevant patch-Tuesday-class EoP.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50419 LOW PATCH Monitor

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2026-50337 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Notification component lets an already-authenticated low-privileged user elevate to higher privileges (SYSTEM) across a broad range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from an incorrect type conversion/cast (CWE-704) and carries a CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) with high confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50360 HIGH PATCH This Week

Privilege escalation in Microsoft Windows SMB Server allows an already-authenticated network attacker to elevate to higher privileges by abusing a flawed authentication algorithm, yielding high confidentiality, integrity, and availability impact. The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-50364 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Server Backup (WBADMIN component shipped with Windows 10 21H2/22H2 and Windows 11 24H2/25H2/26H1) lets an authorized, low-privileged user abuse a symbolic-link/junction race so that a backup operation acts on an attacker-chosen path, yielding SYSTEM-level access. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation requires local access plus user interaction, which lowers the realistic threat relative to the 7.3 base score.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2026-50300 MEDIUM PATCH Exploit Unlikely This Month

Integer underflow in the Windows Kernel enables a locally authenticated attacker to disclose sensitive kernel memory contents across a broad range of Windows 10, Windows 11, and Windows Server platforms. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that any low-privilege local user can trigger the flaw without special configuration or user interaction, yielding high confidentiality impact with no integrity or availability consequences. Microsoft has released a patch via the July 2026 Security Update Guide; no public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50381 MEDIUM PATCH Exploit Unlikely This Month

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

Memory Corruption Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50350 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50384 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clip Service (clipboard/cloud clipboard component, cbdhsvc) affects a broad range of Windows 10, Windows 11, and Windows Server 2019-2025 builds, where a race condition in concurrent access to a shared resource lets an already-authenticated local attacker win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a source conflict: the description and CWE describe privilege elevation with high confidentiality/integrity/availability impact, while the intelligence tags label it 'Information Disclosure' - treat the primary impact as local EoP per the CVSS vector.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50356 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows App Store (AppX/package deployment component) allows an authorized, low-privileged user to win a race condition and gain higher privileges on affected Windows client and server builds spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Exploitation requires local access and already-held low privileges, and the high attack complexity reflects the timing precision needed to win the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50316 MEDIUM PATCH Exploit Unlikely This Month

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-49808 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the synchronization of a shared kernel resource lets an authenticated low-privileged local user win a timing window to gain higher privileges. The CVSS 3.1 score is 7.8 with a scope-changed vector, the flaw was reported by Microsoft, and a patch is available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49807 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2026-49803 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows AppX Deployment Service (AppXSvc) lets an already-authenticated, low-privileged user win a race condition to elevate to higher privileges across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). The flaw stems from improper synchronization of a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact on the host. It is reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49806 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (improper synchronization of a shared resource) lets an already-authenticated local user win a timing window to execute code at elevated privilege. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not on CISA KEV. The high CVSS attack complexity (AC:H) reflects that the attacker must reliably win a narrow race, which tempers real-world exploitability.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49802 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local user to win a timing race and elevate to SYSTEM-level privileges. The flaw is a race condition (CWE-362) reported by Microsoft; a vendor patch is available, and there is no public exploit identified at time of analysis. Exploitation is constrained by high attack complexity (winning the race window) but yields full confidentiality, integrity, and availability impact once achieved.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49801 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50294 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2026-49794 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2026-49792 HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-49791 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an already-authenticated low-privileged user to abuse a link-following (symlink/junction) flaw to gain higher privileges on the host. The bug affects a broad range of client and server SKUs from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1, and Microsoft has shipped a fix. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-49790 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Windows Universal Disk Format File System driver (UDFS.sys) lets a low-privileged local user gain elevated (kernel/SYSTEM) rights after the victim mounts or opens a maliciously crafted UDF volume. The flaw stems from an integer arithmetic error (CWE-191) in the driver that parses UDF-formatted media such as ISO images, optical discs, and virtual disk files, and affects a broad range of Windows client and server releases from Windows Server 2012 and Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. Microsoft reported the issue and has shipped a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-49183 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard Server (Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025) allows an already-authenticated low-privileged user to win a race condition and gain higher privileges on the host. Microsoft credits its own researchers and has shipped a fix; there is no public exploit identified at time of analysis and the CVSS base score is 7.0 (High). The high attack complexity reflects the timing precision needed to exploit the race, which meaningfully limits reliable weaponization.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49180 MEDIUM PATCH Exploit Unlikely This Month

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +14
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-48581 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Surface devices (Go, Hub, Laptop Go/Go 3, Pro/Pro 8, Laptop 4 AMD/Intel, Windows Dev Kit) allows an authenticated low-privileged user to gain higher privileges through insufficiently granular access control (CWE-1220) in the device firmware/platform layer. The flaw carries a CVSS 7.8 (High) with full confidentiality, integrity, and availability impact once exploited, but requires prior local access. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a fix via MSRC.

Microsoft Information Disclosure Microsoft Surface Go Microsoft Surface Hub Microsoft Surface Laptop Go +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-44800 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WPN) affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025 including Server Core, where a race condition (CWE-362) lets an authorized local user win a timing window on a shared resource to run code at a higher privilege level. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a signal conflict: the description and CVSS impact frame this as privilege elevation, while the vendor tags also list 'Information Disclosure' - the primary impact should be treated as EoP pending vendor clarification.

Microsoft Race Condition Information Disclosure Windows 11 Version 23H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-34348 MEDIUM PATCH Exploit Unlikely This Month

Windows Event Logging Service across a wide range of Windows 10, Windows 11, and Windows Server versions fails to enforce its intended protection mechanisms, permitting any authenticated low-privileged network user to read information that should be access-controlled. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms exploitation requires only a valid low-privilege account and network connectivity, with no user interaction and no elevated rights - making it a practical post-compromise lateral-movement or reconnaissance tool. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, but the ubiquitous deployment footprint across the Windows ecosystem elevates organizational exposure.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-41087 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-40422 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-34328 MEDIUM PATCH This Month

Windows Audio Service on multiple Windows desktop and server versions improperly exposes sensitive information to locally authenticated standard users, enabling information disclosure without requiring elevated privileges. Affecting Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 (with Server 2022 and 2025 referenced in tags), the flaw is exploitable post-foothold by any low-privileged local account, making it a realistic post-exploitation pivot rather than an initial access vector. No public exploit code has been identified at time of analysis, and a vendor-released patch is confirmed available via the Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-33842 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +14
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-58636 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact once the local, low-privilege prerequisites are met.

Information Disclosure Microsoft Pc Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58614 MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-58609 HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58608 HIGH PATCH NEWS Exploit Unlikely This Week

Network code execution in the Windows Print Spooler service allows an authenticated attacker to win a synchronization race and run arbitrary code across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). Microsoft rates it CVSS 8.8 with high confidentiality, integrity, and availability impact; a vendor patch is available, and there is no public exploit identified at time of analysis. Note that the CVE description and CVSS indicate remote code execution while the source tags label it 'Information Disclosure' — a discrepancy defenders should verify against the MSRC advisory.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-57979 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-56193 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2026-56155 HIGH POC KEV PATCH THREAT Exploited Act Now

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-privileged user on the host gain higher privileges due to insufficient granularity of access control (CWE-1220). Affected deployments span AD FS on Windows Server 2012 through Windows Server 2025, and the flaw carries a CVSS 7.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-priority-driven rather than exploitation-driven risk.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 Windows Server 2012 Server Core Installation +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-54988 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-54108 MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-55144 HIGH PATCH This Week

Local tampering in Windows CryptoAPI (Crypt32) on Windows 11 (24H2/25H2/26H1) and Windows Server 2022/2025 stems from a missing cryptographic step, letting an authenticated local attacker undermine the integrity and confidentiality of cryptographically protected data. Microsoft rates it 7.1 (High) with high confidentiality and integrity impact; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. A vendor patch is available through the MSRC update guide.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.

Microsoft Information Disclosure Microsoft Pc Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) lets an authenticated local attacker gain elevated (SYSTEM-level) privileges by triggering an untrusted pointer dereference in the ReFS driver. It affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is currently patch-and-move rather than emergency.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local information disclosure in Windows Universal Plug and Play (upnp.dll) exposes sensitive memory contents to authorized low-privilege users across a wide range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from use of an uninitialized resource (CWE-908), meaning the UPnP service reads from memory that has not been properly initialized before use, potentially leaking stale heap or stack contents. No active exploitation has been confirmed and no public exploit code has been identified at time of analysis; a vendor patch is available via the Microsoft Security Response Center.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the improperly synchronized handling of a shared resource lets an already-authenticated attacker win a timing window to gain higher privileges. Microsoft reported and patched the issue; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 8.8 with scope-changed impact reflects that a low-privileged local user could reach full SYSTEM-level control of confidentiality, integrity, and availability.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Projected File System (ProjFS) driver lets an authenticated low-privileged attacker abuse a symbolic-link/junction race (CWE-59 link following) to redirect a privileged file operation and gain SYSTEM-level rights across Windows 10 (1809-22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows DirectX graphics component (CVE-2026-50382) lets an already-authenticated user run arbitrary code and, because the CVSS scope is Changed, break out of the calling security context to compromise the wider system. It affects a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Filtering Platform (WFP) lets an authenticated low-privileged user gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rooted in insufficient access-control granularity (CWE-1220), a local attacker with a valid session can manipulate WFP to reach SYSTEM-level access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates the confidentiality, integrity, and availability impact as High.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Key Guard affecting Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 allows an already-authenticated local attacker to win a race condition (CWE-362) and gain higher privileges. Reported by Microsoft with a patch now available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 rating reflects full confidentiality, integrity, and availability impact once the timing window is exploited.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local attacker to win a race condition and gain higher privileges. The flaw was reported by Microsoft, which has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS complexity (AC:H) reflects that the attacker must reliably win a timing window, tempering real-world exploitability despite the full compromise of confidentiality, integrity, and availability once triggered.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an authorized attacker to win a race condition and gain higher privileges over a network. The CVSS 3.1 base score is 7.5 with full confidentiality, integrity, and availability impact, though the high attack complexity reflects the timing precision needed to exploit the flaw. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authorized (PR:L) network attacker to win a race condition and gain higher privileges, with full confidentiality, integrity, and availability impact. Microsoft self-reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. High attack complexity (AC:H) reflects the timing precision needed to exploit the race reliably.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to win a race condition and gain higher privileges over the network. The CVSS 3.1 score of 8.8 reflects low-privilege network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV, though Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows via the LUAFV (LUA File Virtualization, luafv.sys) driver allows an already-authenticated low-privileged user to win a timing race and elevate to SYSTEM/administrator on affected Windows client and server builds. The flaw stems from improper synchronization around a shared resource (CWE-362) and carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting a local, high-complexity attack. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege elevation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain higher privileges on the host. The flaw is a concurrency/synchronization defect (CWE-362) reported by Microsoft itself; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is rated high-complexity because the attacker must reliably win a timing window, which tempers the otherwise high confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an authorized attacker to win a race condition on an improperly synchronized shared resource and elevate to higher privileges. Reported by Microsoft with a vendor patch available, there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV. The CVSS 7.8 (High) reflects full confidentiality, integrity and availability impact once local, low-privilege access is obtained.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege elevation in the Windows Brokering File System (bfs.sys/brokering component) lets an authenticated low-privileged user corrupt kernel memory via a double free (CWE-415) to gain SYSTEM-level privileges on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A Microsoft-released patch is available. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; EPSS data was not provided.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource allows an already-authenticated low-privileged attacker to win a timing window and elevate to higher privileges. Exploitation requires winning a non-deterministic race (AC:H) and low-level access to the target host (PR:L, AV:L), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has published an advisory and released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to win a race condition and gain higher privileges. The flaw stems from improper synchronization of a shared resource (CWE-362); successful exploitation yields high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel (CVE-2026-50390) lets an already-authenticated attacker abuse a type-confusion condition to run code with elevated (SYSTEM-level) privileges on affected Windows client and server builds ranging from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. Microsoft has shipped a fix and there is no public exploit identified at time of analysis, but as a kernel EoP it is a classic second-stage building block for turning a foothold into full host compromise. CVSS is 7.0 (High), reflecting high attack complexity but full confidentiality, integrity, and availability impact once triggered.

Microsoft Memory Corruption Information Disclosure +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows USB Driver (kernel-mode) lets an already-authenticated low-privileged user win a race condition (CWE-362) to elevate to SYSTEM. The flaw spans a broad Windows fleet from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Audio Service (Windows 11 versions 24H2, 25H2, and 26H1) lets an authenticated low-privileged user win a race condition to elevate to SYSTEM-level privileges. The flaw is a concurrent-access synchronization defect (CWE-362) reported by Microsoft with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because Audio Service runs as a privileged host process on virtually every Windows 11 desktop, this is a broadly relevant patch-Tuesday-class EoP.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Notification component lets an already-authenticated low-privileged user elevate to higher privileges (SYSTEM) across a broad range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from an incorrect type conversion/cast (CWE-704) and carries a CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) with high confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Microsoft Windows SMB Server allows an already-authenticated network attacker to elevate to higher privileges by abusing a flawed authentication algorithm, yielding high confidentiality, integrity, and availability impact. The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Server Backup (WBADMIN component shipped with Windows 10 21H2/22H2 and Windows 11 24H2/25H2/26H1) lets an authorized, low-privileged user abuse a symbolic-link/junction race so that a backup operation acts on an attacker-chosen path, yielding SYSTEM-level access. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation requires local access plus user interaction, which lowers the realistic threat relative to the 7.3 base score.

Microsoft Information Disclosure Windows 10 Version 21H2 +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Integer underflow in the Windows Kernel enables a locally authenticated attacker to disclose sensitive kernel memory contents across a broad range of Windows 10, Windows 11, and Windows Server platforms. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that any low-privilege local user can trigger the flaw without special configuration or user interaction, yielding high confidentiality impact with no integrity or availability consequences. Microsoft has released a patch via the July 2026 Security Update Guide; no public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

Memory Corruption Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clip Service (clipboard/cloud clipboard component, cbdhsvc) affects a broad range of Windows 10, Windows 11, and Windows Server 2019-2025 builds, where a race condition in concurrent access to a shared resource lets an already-authenticated local attacker win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a source conflict: the description and CWE describe privilege elevation with high confidentiality/integrity/availability impact, while the intelligence tags label it 'Information Disclosure' - treat the primary impact as local EoP per the CVSS vector.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows App Store (AppX/package deployment component) allows an authorized, low-privileged user to win a race condition and gain higher privileges on affected Windows client and server builds spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Exploitation requires local access and already-held low privileges, and the high attack complexity reflects the timing precision needed to win the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the synchronization of a shared kernel resource lets an authenticated low-privileged local user win a timing window to gain higher privileges. The CVSS 3.1 score is 7.8 with a scope-changed vector, the flaw was reported by Microsoft, and a patch is available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows AppX Deployment Service (AppXSvc) lets an already-authenticated, low-privileged user win a race condition to elevate to higher privileges across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). The flaw stems from improper synchronization of a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact on the host. It is reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (improper synchronization of a shared resource) lets an already-authenticated local user win a timing window to execute code at elevated privilege. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not on CISA KEV. The high CVSS attack complexity (AC:H) reflects that the attacker must reliably win a narrow race, which tempers real-world exploitability.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local user to win a timing race and elevate to SYSTEM-level privileges. The flaw is a race condition (CWE-362) reported by Microsoft; a vendor patch is available, and there is no public exploit identified at time of analysis. Exploitation is constrained by high attack complexity (winning the race window) but yields full confidentiality, integrity, and availability impact once achieved.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an already-authenticated low-privileged user to abuse a link-following (symlink/junction) flaw to gain higher privileges on the host. The bug affects a broad range of client and server SKUs from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1, and Microsoft has shipped a fix. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Windows Universal Disk Format File System driver (UDFS.sys) lets a low-privileged local user gain elevated (kernel/SYSTEM) rights after the victim mounts or opens a maliciously crafted UDF volume. The flaw stems from an integer arithmetic error (CWE-191) in the driver that parses UDF-formatted media such as ISO images, optical discs, and virtual disk files, and affects a broad range of Windows client and server releases from Windows Server 2012 and Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. Microsoft reported the issue and has shipped a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard Server (Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025) allows an already-authenticated low-privileged user to win a race condition and gain higher privileges on the host. Microsoft credits its own researchers and has shipped a fix; there is no public exploit identified at time of analysis and the CVSS base score is 7.0 (High). The high attack complexity reflects the timing precision needed to exploit the race, which meaningfully limits reliable weaponization.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Surface devices (Go, Hub, Laptop Go/Go 3, Pro/Pro 8, Laptop 4 AMD/Intel, Windows Dev Kit) allows an authenticated low-privileged user to gain higher privileges through insufficiently granular access control (CWE-1220) in the device firmware/platform layer. The flaw carries a CVSS 7.8 (High) with full confidentiality, integrity, and availability impact once exploited, but requires prior local access. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a fix via MSRC.

Microsoft Information Disclosure Microsoft Surface Go +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WPN) affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025 including Server Core, where a race condition (CWE-362) lets an authorized local user win a timing window on a shared resource to run code at a higher privilege level. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a signal conflict: the description and CVSS impact frame this as privilege elevation, while the vendor tags also list 'Information Disclosure' - the primary impact should be treated as EoP pending vendor clarification.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Event Logging Service across a wide range of Windows 10, Windows 11, and Windows Server versions fails to enforce its intended protection mechanisms, permitting any authenticated low-privileged network user to read information that should be access-controlled. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms exploitation requires only a valid low-privilege account and network connectivity, with no user interaction and no elevated rights - making it a practical post-compromise lateral-movement or reconnaissance tool. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, but the ubiquitous deployment footprint across the Windows ecosystem elevates organizational exposure.

Microsoft Information Disclosure Windows 10 Version 1809 +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Audio Service on multiple Windows desktop and server versions improperly exposes sensitive information to locally authenticated standard users, enabling information disclosure without requiring elevated privileges. Affecting Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 (with Server 2022 and 2025 referenced in tags), the flaw is exploitable post-foothold by any low-privileged local account, making it a realistic post-exploitation pivot rather than an initial access vector. No public exploit code has been identified at time of analysis, and a vendor-released patch is confirmed available via the Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1809 +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact once the local, low-privilege prerequisites are met.

Information Disclosure Microsoft Pc Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Network code execution in the Windows Print Spooler service allows an authenticated attacker to win a synchronization race and run arbitrary code across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). Microsoft rates it CVSS 8.8 with high confidentiality, integrity, and availability impact; a vendor patch is available, and there is no public exploit identified at time of analysis. Note that the CVE description and CVSS indicate remote code execution while the source tags label it 'Information Disclosure' — a discrepancy defenders should verify against the MSRC advisory.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV PATCH THREAT Exploited Act Now

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-privileged user on the host gain higher privileges due to insufficient granularity of access control (CWE-1220). Affected deployments span AD FS on Windows Server 2012 through Windows Server 2025, and the flaw carries a CVSS 7.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-priority-driven rather than exploitation-driven risk.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Microsoft Sharepoint Enterprise Server 2016 +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local tampering in Windows CryptoAPI (Crypt32) on Windows 11 (24H2/25H2/26H1) and Windows Server 2022/2025 stems from a missing cryptographic step, letting an authenticated local attacker undermine the integrity and confidentiality of cryptographically protected data. Microsoft rates it 7.1 (High) with high confidentiality and integrity impact; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. A vendor patch is available through the MSRC update guide.

Microsoft Information Disclosure Windows 11 Version 24H2 +5
NVD
Prev Page 3 of 740 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy