Skip to main content

Microsoft

17262 CVEs vendor

Monthly

CVE-2026-50685 HIGH PATCH This Week

Remote code execution in the Microsoft Windows DHCP Server role (Windows Server 2012 through 2025, plus Windows 10 1607/1809) arises from a double-free (CWE-415) condition that an authorized, network-adjacent attacker can trigger to run arbitrary code in the DHCP service context. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N) indicates a network-reachable but high-complexity attack requiring low-level privileges, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and no CISA KEV listing, so exploitation appears theoretical rather than active for now.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-50682 HIGH PATCH This Week

Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2026-50681 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50680 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-50688 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025 - and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2026-50679 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Search Component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a heap-based buffer overflow lets an already-authenticated local attacker corrupt memory and elevate to higher privileges (up to SYSTEM). The CVSS 3.1 score of 7.8 reflects local-only attack with low privileges required and no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54115 HIGH PATCH This Week

Local privilege escalation in Windows Active Directory across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025) allows an authenticated local attacker to elevate privileges by triggering an integer overflow (CWE-190). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the affected host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has issued a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50677 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Media (a component shipping in Windows 11 versions 24H2, 25H2, and 26H1) lets an authenticated local attacker execute code at elevated privilege by triggering a use-after-free (CWE-416) memory-corruption condition. Reported by Microsoft with a vendor patch available, it carries CVSS 7.8 (High) and can yield full confidentiality, integrity, and availability compromise of the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50676 HIGH PATCH This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain SYSTEM-level privileges. Rated CVSS 7.8 (High), the flaw stems from improper synchronization of a shared resource; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has released a patch via the MSRC update guide.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50674 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows USB Print Driver stems from a use-after-free (CWE-416) memory corruption flaw affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A low-privileged authenticated attacker who can execute code on the host and win a memory-timing race can corrupt kernel memory to gain higher (SYSTEM-level) privileges. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation is not currently observed in the wild.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50673 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50672 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows NTFS (New Technology File System) driver lets an already-authenticated low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and elevate to SYSTEM. The flaw affects a broad Windows client and server matrix (Windows 10 1809 through Windows 11 26H1, Windows Server 2019/2022/2025). It has no public exploit identified at time of analysis and is not on CISA KEV, but as a Microsoft-reported, patched NTFS kernel bug it is a routine patch-priority item on standard Patch Tuesday cycles.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50670 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-50669 HIGH PATCH This Week

Local privilege escalation in the Windows Telephony Service (TAPI) affects a broad range of Microsoft Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. A local, low-privileged attacker who wins a race condition (CWE-362) in the service's handling of a shared resource can corrupt state and elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS was not provided.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50668 MEDIUM PATCH This Month

Privilege escalation via heap-based buffer overflow in the Windows NTFS filesystem driver affects a broad range of Windows 10, Windows 11, and Windows Server versions, requiring only physical access to the target device - no OS credentials needed. An attacker with hands-on access to the hardware can trigger a heap overflow in NTFS processing to gain elevated privileges, potentially achieving full system compromise (High C/I/A). No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the combination of zero authentication requirements and critical-level impact makes it a realistic threat for physically accessible endpoints. A vendor-supplied patch is available via the Microsoft Security Response Center.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-50667 HIGH POC PATCH Exploit Likely This Week

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTEM by winning a race condition (CWE-362) in the way NTFS handles a shared resource without proper synchronization. All currently supported Windows client and server builds are affected, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, but Microsoft has released a patch and rates the impact as full loss of confidentiality, integrity, and availability once exploited.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2026-50666 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in the Windows Remote Access Connection Manager (RasMan) service lets an authenticated, low-privileged attacker corrupt memory over the network to gain higher privileges on affected Windows 10, 11, and Server systems. The flaw is a CWE-416 use-after-free carrying a CVSS 8.8 with high impact to confidentiality, integrity, and availability. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +15
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-50661 MEDIUM POC PATCH Exploit Unlikely This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2026-50658 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Defender for Endpoint for macOS lets an authenticated local attacker exploit a time-of-check-to-time-of-use race to gain elevated privileges. The flaw (CWE-367) requires winning a timing window between when Defender validates a resource and when it acts on it, yielding high confidentiality, integrity, and availability impact. Microsoft has published a fix, and there is no public exploit identified at time of analysis.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50657 MEDIUM PATCH Exploit Unlikely This Month

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2026-50655 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-50518 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2026-50509 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Wireless Wide Area Network Service (WwanSvc) lets an authenticated low-privileged user elevate to SYSTEM by delivering crafted serialized data that the service deserializes unsafely (CWE-502). Reported by Microsoft, it affects a broad range of Windows 10, Windows 11, and Windows Server builds and carries CVSS 7.8 with high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch is available.

Microsoft Deserialization Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +10
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2026-50496 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2026-50497 MEDIUM PATCH This Month

Off-by-one memory boundary error in the Windows Remote Desktop Protocol exposes sensitive memory contents over the network to unauthenticated remote attackers on all major Windows client and server releases. The CWE-193 root cause allows the RDP parser to read one element beyond an allocated buffer boundary, yielding a high-confidentiality-impact information disclosure (C:H) with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog; however, the breadth of affected Windows versions - spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025 - gives this a wide potential attack surface warranting prompt patching.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-50503 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects current Microsoft platforms including Windows 11 24H2, 25H2, 26H1, and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource lets an already-authenticated local user win a timing window to gain higher privileges. Microsoft has released a patch, and there is no public exploit identified at time of analysis. With a CVSS 7.0 (AV:L/AC:H/PR:L) the flaw requires local access and precise timing, making it a plausible second-stage escalation rather than an initial entry point.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50501 HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a stack-based buffer overflow (CWE-121) can be triggered when a victim interacts with attacker-crafted ReFS data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated but user-interaction-dependent local attack yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the flaw is not on CISA KEV, so it currently represents a patch-priority rather than an active-exploitation emergency.

Buffer Overflow Stack Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50492 MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2026-50505 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Message Queuing (MSMQ) service arises from a use-after-free (CWE-416) memory-corruption flaw that an authenticated attacker can trigger across a network to run arbitrary code in the service context. It affects a broad range of supported Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025 wherever the MSMQ component is enabled. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates it CVSS 7.5 and has released a fix.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-50498 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System driver (UDFS) allows a local attacker to gain higher privileges after a user mounts or opens a maliciously crafted UDF-formatted volume such as an ISO or disc image. The flaw is an out-of-bounds read (CWE-125) in the kernel-mode UDFS parser, and successful exploitation yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50490 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Installer (msiexec) service across Windows 10, Windows 11, and Windows Server 2012 through 2025 allows an already-authenticated local user to gain higher privileges by triggering a use-after-free memory-corruption condition. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has published a patch. The high CVSS complexity (AC:H) indicates exploitation requires winning a race or meeting specific timing/heap conditions rather than being trivially reliable.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50494 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation to code execution in the Windows NTFS file-system driver stems from a heap-based buffer overflow (CWE-122) that an authenticated local attacker can trigger to run arbitrary code with elevated privileges. The flaw was reported by Microsoft and spans a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and reliable memory-corruption primitive in a core kernel-mode driver make it a strong candidate for patch-Tuesday prioritization.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50489 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-50499 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Print Spooler Components affects Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025, where a heap-based buffer overflow (CWE-122) lets an already-authenticated local user corrupt heap memory in a Spooler component and gain SYSTEM-level privileges. Exploitation requires low-privilege local access (CVSS AV:L/PR:L) with no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50500 HIGH PATCH This Week

Privilege escalation in the Windows Netlogon service allows an already-authenticated, low-privileged network attacker to elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025, including Server Core installations. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-50488 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard User Service lets an already-authenticated low-privileged user run OS commands in the service's higher-privilege security context by injecting special elements into a command the service constructs (CWE-77). Affected platforms are Windows 11 24H2/25H2 and Windows Server 2025 (including Server Core). Microsoft has issued a patch; there is no public exploit identified at time of analysis and the flaw is not on the CISA KEV list.

Microsoft Command Injection Windows 11 Version 24H2 Windows 11 Version 25H2 Windows Server 2025 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2026-50487 HIGH PATCH Exploit Unlikely This Week

Network-based privilege elevation in Microsoft Windows DNS (Windows 11 24H2/25H2/26H1 and Windows Server 2025) stems from a use-after-free memory corruption condition that an unauthenticated remote attacker can exploit to gain elevated privileges with full confidentiality, integrity, and availability impact. The flaw requires no prior authentication or user interaction (PR:N/UI:N) but carries high attack complexity (AC:H), meaning reliable exploitation depends on winning a race or satisfying a specific memory-state timing window. Microsoft self-reported the issue and has shipped a patch; no public exploit identified at time of analysis and it is not currently listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2026-50486 HIGH PATCH This Week

Elevation of privilege in the Windows Runtime (WinRT) component affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2025, where a use-after-free memory-corruption flaw lets an already-authenticated local user run code at higher privilege. Microsoft has released a patch and reported the issue; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV. Given the CVSS 7.8 (Important) rating and full C/I/A impact, this is a standard local privilege-escalation risk suited for regular patch prioritization rather than emergency response.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50485 MEDIUM PATCH Exploit Unlikely This Month

Denial of service in Windows Hyper-V allows an authorized, adjacent-network attacker to crash or disrupt the hypervisor by triggering a buffer over-read (CWE-126). Affected platforms span Windows 10, Windows 11, and Windows Server 2012 through 2025, covering a broad slice of Microsoft's enterprise footprint. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a vendor-issued patch is available via Microsoft MSRC.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
4.5
EPSS
0.4%
CVE-2026-50502 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Event Logging Service allows an authenticated attacker with low privileges to execute code over a network after enticing a user into an interaction (UI:R), due to insufficient granularity of access control (CWE-1220). The flaw affects a broad range of Windows client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2026-50493 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Graphics Kernel component allows an authenticated attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. All currently supported Windows client and server builds are affected - from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. No public exploit identified at time of analysis; Microsoft has released a patch, and the CVSS 7.8 (Important) rating reflects high impact but a local-access, low-privilege prerequisite.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50484 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory to gain SYSTEM-level control across Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. The CVSS 7.8 (AV:L/PR:L) rating reflects that low-privileged code execution is a prerequisite; there is no public exploit identified at time of analysis, but Microsoft has released a patch. This is a classic post-exploitation escalation primitive rather than an initial-access vector.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50483 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50495 MEDIUM PATCH Exploit Unlikely This Month

Local tampering in Windows DNS via improper access control (CWE-284) allows a low-privilege authenticated local user to manipulate DNS configuration or records across a broad range of Windows 10, Windows 11, and Windows Server releases. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) confirms exploitation requires only a valid local account with no elevated privileges, yielding high integrity impact with minimal availability disruption and no direct confidentiality exposure. No public exploit code or CISA KEV listing has been identified at time of analysis, but the 'Authentication Bypass' advisory tag suggests DNS tampering may enable downstream bypass of authentication mechanisms dependent on DNS resolution, potentially amplifying the effective impact beyond the raw CVSS score.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-50482 HIGH PATCH Exploit Unlikely This Week

Local privilege-level code execution in the Windows NTFS file-system driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. A heap-based buffer overflow (CWE-122) lets an authorized local attacker who can induce a user to interact with a crafted file or volume execute arbitrary code in the security context of the kernel-mode NTFS component. There is no public exploit identified at time of analysis and it is not in CISA KEV, but Microsoft has released a patch and the flaw carries full high confidentiality, integrity, and availability impact.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-50480 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Web Proxy Auto-Discovery (WPAD) service affects Windows 10 Version 1607 and Windows Server 2012, 2012 R2, and 2016 (including Server Core installations), where a heap-based buffer overflow (CWE-122) lets an authenticated local attacker corrupt kernel/service heap memory and elevate to higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a high-impact but locally-scoped attack requiring existing low-privilege access.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows Server 2012 +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50479 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows USB Hub Driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering an untrusted pointer dereference (CWE-822), affecting Windows 10 (1809/21H2/22H2) and Windows Server 2019 through 2025. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50478 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker who already has low-privileged code execution on a host elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption. It affects a broad range of supported Windows client and server builds - Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation appears unproven publicly despite the reliably-exploitable nature of kernel UAF flaws.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50477 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory (CWE-122) to run code with SYSTEM-level privileges. It affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). No public exploit identified at time of analysis, but the CVSS 8.8 rating and scope change make it a strong candidate for chaining after initial access.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50459 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel arises from a use-after-free (CWE-416) memory-corruption flaw that lets an attacker running code on the machine gain higher privileges, potentially SYSTEM. It affects a broad range of current Windows client and server builds (Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, Windows Server 2022/2025). No public exploit identified at time of analysis, but the local attack surface and full CIA impact make it a standard Patch-Tuesday-class kernel EoP worth prompt patching.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +7
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50470 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50406 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Backup Engine affects Windows 10 (21H2, 22H2) and Windows 11 (24H2, 25H2, 26H1), where a use-after-free (CWE-416) memory-corruption flaw lets an already-authorized local user with low privileges elevate to higher rights. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft rates it 7.0 (High), reflecting meaningful impact tempered by high attack complexity. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50424 HIGH PATCH Exploit Unlikely This Week

Denial of service in the Windows Domain Controller role on Windows Server 2025 (including Server Core) and Windows 11 24H2/25H2/26H1 lets a remote, unauthenticated attacker crash or hang authentication services by triggering an untrusted pointer dereference over the network. Because the CVSS vector is PR:N/UI:N with A:H and no confidentiality or integrity impact, a single crafted network exchange can disrupt directory and logon services domain-wide without credentials. No public exploit identified at time of analysis, and it is not on CISA KEV; Microsoft has released a patch.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50450 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Wireless Wide Area Network (WWAN) Service allows a low-privileged authenticated user to win a race condition and gain SYSTEM-level privileges across Windows 10, Windows 11, and Windows Server 2019 through 2025. The flaw stems from improper synchronization of a shared resource (CWE-362), and the scope-changed CVSS impact (S:C) reflects that successful exploitation crosses from the attacker's low-privilege context into a higher-privileged service. No public exploit identified at time of analysis, and it is not listed in CISA KEV, though Microsoft credits itself as the reporter, indicating internal discovery.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50429 HIGH PATCH Exploit Unlikely This Week

Remote information disclosure in the Microsoft Windows Kernel (CWE-125 out-of-bounds read) lets an unauthenticated attacker read kernel memory over a network, per the CVSS AV:N/PR:N vector, affecting a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. The flaw carries high confidentiality impact (C:H) with a minor availability side effect and no integrity impact, scoring CVSS 8.2. No public exploit is identified at time of analysis and it is not in CISA KEV, but the network-reachable, no-authentication, no-interaction profile makes it a notable patch priority.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2026-50476 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows (Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025) arises from a use-after-free memory-corruption flaw (CWE-416) that lets an already-authenticated local user run code at elevated privilege. The CVSS 3.1 base score is 7.8 with a scope-changed vector, and Microsoft has shipped a fix via MSRC. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, so exploitation is currently theoretical rather than observed.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2026-50475 MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50458 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Brokering File System affects Windows 11 24H2/25H2/26H1 and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to elevate to higher privileges (typically SYSTEM). Microsoft has released a patch and rates it 7.8 (High). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50415 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2026-50394 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +13
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50444 HIGH PATCH NEWS Exploit Unlikely This Week

Privilege elevation in Microsoft's Windows Server Update Services (WSUS) role allows a network-based, low-privileged attacker to gain higher privileges due to a missing authentication check on a critical function (CWE-306). The flaw affects WSUS as shipped on Windows Server 2012 through 2025 (and client builds Windows 10 1607/1809), with a CVSS 3.1 base score of 8.8; Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, low-complexity nature makes this a high-priority patch for update-management infrastructure.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +10
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-50362 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an unauthorized attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume (CVE-2026-50362). The flaw affects the ReFS component shipped across Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025, carries CVSS 7.8, and requires user interaction (UI:R) with no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50420 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2026-50438 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.

Microsoft Information Disclosure Microsoft Pc Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50447 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary code over the network by corrupting heap memory. The flaw (CWE-122) carries a CVSS 9.8 and affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis, but the network-reachable, no-interaction, no-privilege profile of prior MSMQ bugs (e.g. the 'QueueJumper' class) makes this a top-priority patch. Microsoft has released a fix.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-50417 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation to code execution in the Windows NTFS driver (CVE-2026-50417) allows an authenticated attacker with low privileges to corrupt heap memory and run arbitrary code on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft, with CVSS 7.8 (High) reflecting local vector, low complexity, and full confidentiality/integrity/availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50453 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2026-50431 MEDIUM PATCH This Month

Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50461 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (New Technology File System) driver arises from a heap-based buffer overflow (CWE-122) that an attacker can trigger by inducing a user to interact with a specially crafted NTFS volume or file. Affecting a broad range of Windows client and server builds from Windows Server 2012/2012 R2 through Windows 11 26H1 and Windows Server 2025, successful exploitation yields high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has issued a fix.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50399 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50432 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Virtual Filtering Platform (VFP) allows an authorized attacker to deny service over a network.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2026-50456 MEDIUM PATCH This Month

Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50389 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50442 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50473 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50457 HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 10, Windows 11, and Windows Server allows an authenticated attacker to run arbitrary code with elevated (SYSTEM-level) privileges by triggering a use-after-free memory-corruption condition (CWE-416). Microsoft has released a patch, but there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. The CVSS 3.1 score of 7.8 (High) with a fully local vector reflects meaningful post-compromise impact but requires the attacker to already have a foothold on the host.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50462 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50439 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. An unauthenticated network attacker who can reach the MSMQ service (TCP 1801) can trigger a use-after-free (CWE-416) in the Queue Manager to execute arbitrary code in the service context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the high CVSS (8.1), network attack vector, and lack of any authentication requirement make patched deployment urgent; exploitation is tempered by the High attack complexity (AC:H).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-50465 HIGH PATCH Exploit Unlikely This Week

Local integrity and availability tampering in the Microsoft Windows DNS component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker with low privileges can abuse improper access control to modify DNS data or disrupt the service. Microsoft self-reported the issue and has released a patch. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so exploitation would currently require local access on an already-compromised or shared host.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50441 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) lets an authenticated local attacker gain elevated (SYSTEM-level) privileges by triggering an untrusted pointer dereference in the ReFS driver. It affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is currently patch-and-move rather than emergency.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50409 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50435 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50402 HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50466 HIGH PATCH This Week

Local privilege escalation in the Windows Brokering File System component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free memory corruption (CWE-416) lets an already-authenticated local user elevate to higher privileges. Microsoft rates it CVSS 7.8 with full confidentiality, integrity, and availability impact, and has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50451 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Routing and Remote Access Service (RRAS) allows a low-privileged authenticated user to elevate to higher privileges on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw stems from a missing authentication check on a critical RRAS function (CWE-306), letting an already-authorized local attacker invoke privileged functionality without proper authorization. Microsoft has released a patch; there is no public exploit identified at time of analysis.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50383 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-50367 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50374 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2026-50421 HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50422 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Remote code execution in the Microsoft Windows DHCP Server role (Windows Server 2012 through 2025, plus Windows 10 1607/1809) arises from a double-free (CWE-415) condition that an authorized, network-adjacent attacker can trigger to run arbitrary code in the DHCP service context. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N) indicates a network-reachable but high-complexity attack requiring low-level privileges, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and no CISA KEV listing, so exploitation appears theoretical rather than active for now.

Microsoft Information Disclosure Windows 10 Version 1607 +11
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 1% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025 - and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Search Component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a heap-based buffer overflow lets an already-authenticated local attacker corrupt memory and elevate to higher privileges (up to SYSTEM). The CVSS 3.1 score of 7.8 reflects local-only attack with low privileges required and no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Active Directory across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025) allows an authenticated local attacker to elevate privileges by triggering an integer overflow (CWE-190). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the affected host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has issued a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Media (a component shipping in Windows 11 versions 24H2, 25H2, and 26H1) lets an authenticated local attacker execute code at elevated privilege by triggering a use-after-free (CWE-416) memory-corruption condition. Reported by Microsoft with a vendor patch available, it carries CVSS 7.8 (High) and can yield full confidentiality, integrity, and availability compromise of the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain SYSTEM-level privileges. Rated CVSS 7.8 (High), the flaw stems from improper synchronization of a shared resource; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has released a patch via the MSRC update guide.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows USB Print Driver stems from a use-after-free (CWE-416) memory corruption flaw affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A low-privileged authenticated attacker who can execute code on the host and win a memory-timing race can corrupt kernel memory to gain higher (SYSTEM-level) privileges. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation is not currently observed in the wild.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Denial Of Service Null Pointer Dereference +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows NTFS (New Technology File System) driver lets an already-authenticated low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and elevate to SYSTEM. The flaw affects a broad Windows client and server matrix (Windows 10 1809 through Windows 11 26H1, Windows Server 2019/2022/2025). It has no public exploit identified at time of analysis and is not on CISA KEV, but as a Microsoft-reported, patched NTFS kernel bug it is a routine patch-priority item on standard Patch Tuesday cycles.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Telephony Service (TAPI) affects a broad range of Microsoft Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. A local, low-privileged attacker who wins a race condition (CWE-362) in the service's handling of a shared resource can corrupt state and elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS was not provided.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Privilege escalation via heap-based buffer overflow in the Windows NTFS filesystem driver affects a broad range of Windows 10, Windows 11, and Windows Server versions, requiring only physical access to the target device - no OS credentials needed. An attacker with hands-on access to the hardware can trigger a heap overflow in NTFS processing to gain elevated privileges, potentially achieving full system compromise (High C/I/A). No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the combination of zero authentication requirements and critical-level impact makes it a realistic threat for physically accessible endpoints. A vendor-supplied patch is available via the Microsoft Security Response Center.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH Exploit Likely This Week

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTEM by winning a race condition (CWE-362) in the way NTFS handles a shared resource without proper synchronization. All currently supported Windows client and server builds are affected, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, but Microsoft has released a patch and rates the impact as full loss of confidentiality, integrity, and availability once exploited.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in the Windows Remote Access Connection Manager (RasMan) service lets an authenticated, low-privileged attacker corrupt memory over the network to gain higher privileges on affected Windows 10, 11, and Server systems. The flaw is a CWE-416 use-after-free carrying a CVSS 8.8 with high impact to confidentiality, integrity, and availability. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +17
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH Exploit Unlikely This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Authentication Bypass Microsoft Windows 10 Version 1607 +13
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Defender for Endpoint for macOS lets an authenticated local attacker exploit a time-of-check-to-time-of-use race to gain elevated privileges. The flaw (CWE-367) requires winning a timing window between when Defender validates a resource and when it acts on it, yielding high confidentiality, integrity, and availability impact. Microsoft has published a fix, and there is no public exploit identified at time of analysis.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Exploit Likely Act Now

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Wireless Wide Area Network Service (WwanSvc) lets an authenticated low-privileged user elevate to SYSTEM by delivering crafted serialized data that the service deserializes unsafely (CWE-502). Reported by Microsoft, it affects a broad range of Windows 10, Windows 11, and Windows Server builds and carries CVSS 7.8 with high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch is available.

Microsoft Deserialization Windows 10 Version 1607 +12
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Off-by-one memory boundary error in the Windows Remote Desktop Protocol exposes sensitive memory contents over the network to unauthenticated remote attackers on all major Windows client and server releases. The CWE-193 root cause allows the RDP parser to read one element beyond an allocated buffer boundary, yielding a high-confidentiality-impact information disclosure (C:H) with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog; however, the breadth of affected Windows versions - spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025 - gives this a wide potential attack surface warranting prompt patching.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects current Microsoft platforms including Windows 11 24H2, 25H2, 26H1, and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource lets an already-authenticated local user win a timing window to gain higher privileges. Microsoft has released a patch, and there is no public exploit identified at time of analysis. With a CVSS 7.0 (AV:L/AC:H/PR:L) the flaw requires local access and precise timing, making it a plausible second-stage escalation rather than an initial entry point.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a stack-based buffer overflow (CWE-121) can be triggered when a victim interacts with attacker-crafted ReFS data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated but user-interaction-dependent local attack yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the flaw is not on CISA KEV, so it currently represents a patch-priority rather than an active-exploitation emergency.

Buffer Overflow Stack Overflow Microsoft +5
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Message Queuing (MSMQ) service arises from a use-after-free (CWE-416) memory-corruption flaw that an authenticated attacker can trigger across a network to run arbitrary code in the service context. It affects a broad range of supported Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025 wherever the MSMQ component is enabled. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates it CVSS 7.5 and has released a fix.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System driver (UDFS) allows a local attacker to gain higher privileges after a user mounts or opens a maliciously crafted UDF-formatted volume such as an ISO or disc image. The flaw is an out-of-bounds read (CWE-125) in the kernel-mode UDFS parser, and successful exploitation yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Installer (msiexec) service across Windows 10, Windows 11, and Windows Server 2012 through 2025 allows an already-authenticated local user to gain higher privileges by triggering a use-after-free memory-corruption condition. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has published a patch. The high CVSS complexity (AC:H) indicates exploitation requires winning a race or meeting specific timing/heap conditions rather than being trivially reliable.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation to code execution in the Windows NTFS file-system driver stems from a heap-based buffer overflow (CWE-122) that an authenticated local attacker can trigger to run arbitrary code with elevated privileges. The flaw was reported by Microsoft and spans a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and reliable memory-corruption primitive in a core kernel-mode driver make it a strong candidate for patch-Tuesday prioritization.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Print Spooler Components affects Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025, where a heap-based buffer overflow (CWE-122) lets an already-authenticated local user corrupt heap memory in a Spooler component and gain SYSTEM-level privileges. Exploitation requires low-privilege local access (CVSS AV:L/PR:L) with no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Privilege escalation in the Windows Netlogon service allows an already-authenticated, low-privileged network attacker to elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025, including Server Core installations. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 1% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard User Service lets an already-authenticated low-privileged user run OS commands in the service's higher-privilege security context by injecting special elements into a command the service constructs (CWE-77). Affected platforms are Windows 11 24H2/25H2 and Windows Server 2025 (including Server Core). Microsoft has issued a patch; there is no public exploit identified at time of analysis and the flaw is not on the CISA KEV list.

Microsoft Command Injection Windows 11 Version 24H2 +3
NVD
EPSS 1% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Network-based privilege elevation in Microsoft Windows DNS (Windows 11 24H2/25H2/26H1 and Windows Server 2025) stems from a use-after-free memory corruption condition that an unauthenticated remote attacker can exploit to gain elevated privileges with full confidentiality, integrity, and availability impact. The flaw requires no prior authentication or user interaction (PR:N/UI:N) but carries high attack complexity (AC:H), meaning reliable exploitation depends on winning a race or satisfying a specific memory-state timing window. Microsoft self-reported the issue and has shipped a patch; no public exploit identified at time of analysis and it is not currently listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Elevation of privilege in the Windows Runtime (WinRT) component affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2025, where a use-after-free memory-corruption flaw lets an already-authenticated local user run code at higher privilege. Microsoft has released a patch and reported the issue; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV. Given the CVSS 7.8 (Important) rating and full C/I/A impact, this is a standard local privilege-escalation risk suited for regular patch prioritization rather than emergency response.

Use After Free Memory Corruption Denial Of Service +8
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH Exploit Unlikely This Month

Denial of service in Windows Hyper-V allows an authorized, adjacent-network attacker to crash or disrupt the hypervisor by triggering a buffer over-read (CWE-126). Affected platforms span Windows 10, Windows 11, and Windows Server 2012 through 2025, covering a broad slice of Microsoft's enterprise footprint. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a vendor-issued patch is available via Microsoft MSRC.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Event Logging Service allows an authenticated attacker with low privileges to execute code over a network after enticing a user into an interaction (UI:R), due to insufficient granularity of access control (CWE-1220). The flaw affects a broad range of Windows client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Graphics Kernel component allows an authenticated attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. All currently supported Windows client and server builds are affected - from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. No public exploit identified at time of analysis; Microsoft has released a patch, and the CVSS 7.8 (Important) rating reflects high impact but a local-access, low-privilege prerequisite.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory to gain SYSTEM-level control across Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. The CVSS 7.8 (AV:L/PR:L) rating reflects that low-privileged code execution is a prerequisite; there is no public exploit identified at time of analysis, but Microsoft has released a patch. This is a classic post-exploitation escalation primitive rather than an initial-access vector.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Local tampering in Windows DNS via improper access control (CWE-284) allows a low-privilege authenticated local user to manipulate DNS configuration or records across a broad range of Windows 10, Windows 11, and Windows Server releases. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) confirms exploitation requires only a valid local account with no elevated privileges, yielding high integrity impact with minimal availability disruption and no direct confidentiality exposure. No public exploit code or CISA KEV listing has been identified at time of analysis, but the 'Authentication Bypass' advisory tag suggests DNS tampering may enable downstream bypass of authentication mechanisms dependent on DNS resolution, potentially amplifying the effective impact beyond the raw CVSS score.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local privilege-level code execution in the Windows NTFS file-system driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. A heap-based buffer overflow (CWE-122) lets an authorized local attacker who can induce a user to interact with a crafted file or volume execute arbitrary code in the security context of the kernel-mode NTFS component. There is no public exploit identified at time of analysis and it is not in CISA KEV, but Microsoft has released a patch and the flaw carries full high confidentiality, integrity, and availability impact.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Web Proxy Auto-Discovery (WPAD) service affects Windows 10 Version 1607 and Windows Server 2012, 2012 R2, and 2016 (including Server Core installations), where a heap-based buffer overflow (CWE-122) lets an authenticated local attacker corrupt kernel/service heap memory and elevate to higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a high-impact but locally-scoped attack requiring existing low-privilege access.

Heap Overflow Buffer Overflow Microsoft +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows USB Hub Driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering an untrusted pointer dereference (CWE-822), affecting Windows 10 (1809/21H2/22H2) and Windows Server 2019 through 2025. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker who already has low-privileged code execution on a host elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption. It affects a broad range of supported Windows client and server builds - Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation appears unproven publicly despite the reliably-exploitable nature of kernel UAF flaws.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory (CWE-122) to run code with SYSTEM-level privileges. It affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). No public exploit identified at time of analysis, but the CVSS 8.8 rating and scope change make it a strong candidate for chaining after initial access.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel arises from a use-after-free (CWE-416) memory-corruption flaw that lets an attacker running code on the machine gain higher privileges, potentially SYSTEM. It affects a broad range of current Windows client and server builds (Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, Windows Server 2022/2025). No public exploit identified at time of analysis, but the local attack surface and full CIA impact make it a standard Patch-Tuesday-class kernel EoP worth prompt patching.

Use After Free Memory Corruption Denial Of Service +9
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Backup Engine affects Windows 10 (21H2, 22H2) and Windows 11 (24H2, 25H2, 26H1), where a use-after-free (CWE-416) memory-corruption flaw lets an already-authorized local user with low privileges elevate to higher rights. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft rates it 7.0 (High), reflecting meaningful impact tempered by high attack complexity. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in the Windows Domain Controller role on Windows Server 2025 (including Server Core) and Windows 11 24H2/25H2/26H1 lets a remote, unauthenticated attacker crash or hang authentication services by triggering an untrusted pointer dereference over the network. Because the CVSS vector is PR:N/UI:N with A:H and no confidentiality or integrity impact, a single crafted network exchange can disrupt directory and logon services domain-wide without credentials. No public exploit identified at time of analysis, and it is not on CISA KEV; Microsoft has released a patch.

Authentication Bypass Microsoft Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Wireless Wide Area Network (WWAN) Service allows a low-privileged authenticated user to win a race condition and gain SYSTEM-level privileges across Windows 10, Windows 11, and Windows Server 2019 through 2025. The flaw stems from improper synchronization of a shared resource (CWE-362), and the scope-changed CVSS impact (S:C) reflects that successful exploitation crosses from the attacker's low-privilege context into a higher-privileged service. No public exploit identified at time of analysis, and it is not listed in CISA KEV, though Microsoft credits itself as the reporter, indicating internal discovery.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 1% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Remote information disclosure in the Microsoft Windows Kernel (CWE-125 out-of-bounds read) lets an unauthenticated attacker read kernel memory over a network, per the CVSS AV:N/PR:N vector, affecting a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. The flaw carries high confidentiality impact (C:H) with a minor availability side effect and no integrity impact, scoring CVSS 8.2. No public exploit is identified at time of analysis and it is not in CISA KEV, but the network-reachable, no-authentication, no-interaction profile makes it a notable patch priority.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 1% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows (Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025) arises from a use-after-free memory-corruption flaw (CWE-416) that lets an already-authenticated local user run code at elevated privilege. The CVSS 3.1 base score is 7.8 with a scope-changed vector, and Microsoft has shipped a fix via MSRC. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, so exploitation is currently theoretical rather than observed.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Brokering File System affects Windows 11 24H2/25H2/26H1 and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to elevate to higher privileges (typically SYSTEM). Microsoft has released a patch and rates it 7.8 (High). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +15
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft's Windows Server Update Services (WSUS) role allows a network-based, low-privileged attacker to gain higher privileges due to a missing authentication check on a critical function (CWE-306). The flaw affects WSUS as shipped on Windows Server 2012 through 2025 (and client builds Windows 10 1607/1809), with a CVSS 3.1 base score of 8.8; Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, low-complexity nature makes this a high-priority patch for update-management infrastructure.

Authentication Bypass Microsoft Windows 10 Version 1607 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an unauthorized attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume (CVE-2026-50362). The flaw affects the ReFS component shipped across Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025, carries CVSS 7.8, and requires user interaction (UI:R) with no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.

Microsoft Information Disclosure Microsoft Pc Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary code over the network by corrupting heap memory. The flaw (CWE-122) carries a CVSS 9.8 and affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis, but the network-reachable, no-interaction, no-privilege profile of prior MSMQ bugs (e.g. the 'QueueJumper' class) makes this a top-priority patch. Microsoft has released a fix.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation to code execution in the Windows NTFS driver (CVE-2026-50417) allows an authenticated attacker with low privileges to corrupt heap memory and run arbitrary code on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft, with CVSS 7.8 (High) reflecting local vector, low complexity, and full confidentiality/integrity/availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (New Technology File System) driver arises from a heap-based buffer overflow (CWE-122) that an attacker can trigger by inducing a user to interact with a specially crafted NTFS volume or file. Affecting a broad range of Windows client and server builds from Windows Server 2012/2012 R2 through Windows 11 26H1 and Windows Server 2025, successful exploitation yields high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has issued a fix.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Virtual Filtering Platform (VFP) allows an authorized attacker to deny service over a network.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Runtime (WinRT) component of Windows 10, Windows 11, and Windows Server allows an authenticated attacker to run arbitrary code with elevated (SYSTEM-level) privileges by triggering a use-after-free memory-corruption condition (CWE-416). Microsoft has released a patch, but there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. The CVSS 3.1 score of 7.8 (High) with a fully local vector reflects meaningful post-compromise impact but requires the attacker to already have a foothold on the host.

Use After Free Memory Corruption Denial Of Service +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an already-authenticated local attacker to gain elevated (SYSTEM-level) privileges across a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Reported internally by Microsoft with a patch available, the flaw carries CVSS 7.8 with full confidentiality, integrity, and availability impact but no confirmed active exploitation; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. An unauthenticated network attacker who can reach the MSMQ service (TCP 1801) can trigger a use-after-free (CWE-416) in the Queue Manager to execute arbitrary code in the service context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the high CVSS (8.1), network attack vector, and lack of any authentication requirement make patched deployment urgent; exploitation is tempered by the High attack complexity (AC:H).

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local integrity and availability tampering in the Microsoft Windows DNS component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker with low privileges can abuse improper access control to modify DNS data or disrupt the service. Microsoft self-reported the issue and has released a patch. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so exploitation would currently require local access on an already-compromised or shared host.

Authentication Bypass Microsoft Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) lets an authenticated local attacker gain elevated (SYSTEM-level) privileges by triggering an untrusted pointer dereference in the ReFS driver. It affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is currently patch-and-move rather than emergency.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file-system driver lets an authenticated low-privileged user gain elevated (likely SYSTEM) privileges by exploiting an incorrect conversion between numeric types (CWE-681). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Brokering File System component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free memory corruption (CWE-416) lets an already-authenticated local user elevate to higher privileges. Microsoft rates it CVSS 7.8 with full confidentiality, integrity, and availability impact, and has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Routing and Remote Access Service (RRAS) allows a low-privileged authenticated user to elevate to higher privileges on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw stems from a missing authentication check on a critical RRAS function (CWE-306), letting an already-authorized local attacker invoke privileged functionality without proper authorization. Microsoft has released a patch; there is no public exploit identified at time of analysis.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
Prev Page 3 of 192 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy