Skip to main content

Windows 11 Version 23H2

17 CVEs product

Monthly

CVE-2026-58629 HIGH PATCH This Week

Local privilege escalation in the Windows DirectX graphics subsystem allows an authenticated attacker with low privileges to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.0 (High), tempered by high attack complexity.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +18
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-56173 HIGH PATCH This Week

Local privilege elevation in the Windows WebView component affects a broad range of currently-supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). By triggering a use-after-free (CWE-416) memory-corruption condition, an already-authenticated low-privilege attacker can execute code in a higher-privilege context, yielding full confidentiality, integrity, and availability impact on the local system. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50471 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +17
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-44800 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WPN) affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025 including Server Core, where a race condition (CWE-362) lets an authorized local user win a timing window on a shared resource to run code at a higher privilege level. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a signal conflict: the description and CVSS impact frame this as privilege elevation, while the vendor tags also list 'Information Disclosure' - the primary impact should be treated as EoP pending vendor clarification.

Microsoft Race Condition Information Disclosure Windows 11 Version 23H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-40378 HIGH PATCH Exploit Unlikely This Week

Denial of service in the Windows Local Security Authority Subsystem Service (LSASS) allows a remote, unauthenticated attacker to crash the service and disrupt authentication across all supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. The flaw stems from an excessive-size memory allocation (CWE-789) triggerable over the network with no privileges or user interaction, and while a vendor patch is available, there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is limited to availability (A:H) with no confidentiality or integrity loss, but LSASS failure can force system instability or reboots, affecting domain authentication and logon.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-34348 MEDIUM PATCH Exploit Unlikely This Month

Windows Event Logging Service across a wide range of Windows 10, Windows 11, and Windows Server versions fails to enforce its intended protection mechanisms, permitting any authenticated low-privileged network user to read information that should be access-controlled. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms exploitation requires only a valid low-privilege account and network connectivity, with no user interaction and no elevated rights - making it a practical post-compromise lateral-movement or reconnaissance tool. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, but the ubiquitous deployment footprint across the Windows ecosystem elevates organizational exposure.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-34328 MEDIUM PATCH This Month

Windows Audio Service on multiple Windows desktop and server versions improperly exposes sensitive information to locally authenticated standard users, enabling information disclosure without requiring elevated privileges. Affecting Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 (with Server 2022 and 2025 referenced in tags), the flaw is exploitable post-foothold by any low-privileged local account, making it a realistic post-exploitation pivot rather than an initial access vector. No public exploit code has been identified at time of analysis, and a vendor-released patch is confirmed available via the Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-33842 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +14
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-58640 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver allows an authenticated attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) after inducing user interaction. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +17
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-58601 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Virtual Hard Disk (VHD) Miniport Driver lets an authenticated low-privileged user corrupt kernel heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow, CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server builds and was reported by Microsoft. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-48571 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 23H2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48572 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 23H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-42990 CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-34346 MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-42982 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-33841 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows DirectX graphics subsystem allows an authenticated attacker with low privileges to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.0 (High), tempered by high attack complexity.

Use After Free Memory Corruption Denial Of Service +20
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege elevation in the Windows WebView component affects a broad range of currently-supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). By triggering a use-after-free (CWE-416) memory-corruption condition, an already-authenticated low-privilege attacker can execute code in a higher-privilege context, yielding full confidentiality, integrity, and availability impact on the local system. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.

Heap Overflow Buffer Overflow Microsoft +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WPN) affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025 including Server Core, where a race condition (CWE-362) lets an authorized local user win a timing window on a shared resource to run code at a higher privilege level. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a signal conflict: the description and CVSS impact frame this as privilege elevation, while the vendor tags also list 'Information Disclosure' - the primary impact should be treated as EoP pending vendor clarification.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in the Windows Local Security Authority Subsystem Service (LSASS) allows a remote, unauthenticated attacker to crash the service and disrupt authentication across all supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. The flaw stems from an excessive-size memory allocation (CWE-789) triggerable over the network with no privileges or user interaction, and while a vendor patch is available, there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is limited to availability (A:H) with no confidentiality or integrity loss, but LSASS failure can force system instability or reboots, affecting domain authentication and logon.

Authentication Bypass Microsoft Windows 10 Version 1607 +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Event Logging Service across a wide range of Windows 10, Windows 11, and Windows Server versions fails to enforce its intended protection mechanisms, permitting any authenticated low-privileged network user to read information that should be access-controlled. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms exploitation requires only a valid low-privilege account and network connectivity, with no user interaction and no elevated rights - making it a practical post-compromise lateral-movement or reconnaissance tool. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, but the ubiquitous deployment footprint across the Windows ecosystem elevates organizational exposure.

Microsoft Information Disclosure Windows 10 Version 1809 +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Audio Service on multiple Windows desktop and server versions improperly exposes sensitive information to locally authenticated standard users, enabling information disclosure without requiring elevated privileges. Affecting Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 (with Server 2022 and 2025 referenced in tags), the flaw is exploitable post-foothold by any low-privileged local account, making it a realistic post-exploitation pivot rather than an initial access vector. No public exploit code has been identified at time of analysis, and a vendor-released patch is confirmed available via the Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1809 +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +16
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver allows an authenticated attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) after inducing user interaction. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Virtual Hard Disk (VHD) Miniport Driver lets an authenticated low-privileged user corrupt kernel heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow, CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server builds and was reported by Microsoft. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +14
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft +13
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow +11
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy