Skip to main content

Surface Windows Dev Kit

1 CVEs product

Monthly

CVE-2026-48581 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Surface devices (Go, Hub, Laptop Go/Go 3, Pro/Pro 8, Laptop 4 AMD/Intel, Windows Dev Kit) allows an authenticated low-privileged user to gain higher privileges through insufficiently granular access control (CWE-1220) in the device firmware/platform layer. The flaw carries a CVSS 7.8 (High) with full confidentiality, integrity, and availability impact once exploited, but requires prior local access. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a fix via MSRC.

Microsoft Information Disclosure Microsoft Surface Go Microsoft Surface Hub Microsoft Surface Laptop Go +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Surface devices (Go, Hub, Laptop Go/Go 3, Pro/Pro 8, Laptop 4 AMD/Intel, Windows Dev Kit) allows an authenticated low-privileged user to gain higher privileges through insufficiently granular access control (CWE-1220) in the device firmware/platform layer. The flaw carries a CVSS 7.8 (High) with full confidentiality, integrity, and availability impact once exploited, but requires prior local access. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a fix via MSRC.

Microsoft Information Disclosure Microsoft Surface Go +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy