Skip to main content

Windows Subsystem For Linux Wsl2

2 CVEs product

Monthly

CVE-2026-57973 MEDIUM PATCH Exploit Unlikely This Month

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.

Microsoft Information Disclosure Windows Subsystem For Linux Wsl2
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-57968 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Subsystem for Linux (WSL2) allows a low-privileged authenticated user on the Windows host to elevate to higher privileges by triggering a buffer over-read (CWE-126). Microsoft (the reporting vendor) has released a fix via MSRC, and there is no public exploit identified at time of analysis. With a CVSS 3.1 base score of 7.8 and full high impact to confidentiality, integrity and availability, it is a meaningful local EoP but requires prior code-execution access on the machine.

Buffer Overflow Microsoft Windows Subsystem For Linux Wsl2
NVD
CVSS 3.1
7.8
EPSS
0.3%
EPSS 0% CVSS 6.3
MEDIUM PATCH Exploit Unlikely This Month

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.

Microsoft Information Disclosure Windows Subsystem For Linux Wsl2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Subsystem for Linux (WSL2) allows a low-privileged authenticated user on the Windows host to elevate to higher privileges by triggering a buffer over-read (CWE-126). Microsoft (the reporting vendor) has released a fix via MSRC, and there is no public exploit identified at time of analysis. With a CVSS 3.1 base score of 7.8 and full high impact to confidentiality, integrity and availability, it is a meaningful local EoP but requires prior code-execution access on the machine.

Buffer Overflow Microsoft Windows Subsystem For Linux Wsl2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy