Microsoft Windows 11 26h1 — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows 11 26h1, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2026-41096 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-44815 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-42904 — CVSS 9.6 (critical): Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-45602 — CVSS 9.1 (critical): No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47653 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-25188 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-32225 — CVSS 8.8 (high): Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-40403 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-47289 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-34329 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-25177 — CVSS 8.8 (high): Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate…
CVE-2026-42985 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-24283 — CVSS 8.8 (high): Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.
CVE-2026-26167 — CVSS 8.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-32157 — CVSS 8.8 (high): Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-45607 — CVSS 8.4 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-44810 — CVSS 8.4 (high): Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32221 — CVSS 8.4 (high): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-45641 — CVSS 8.4 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-32162 — CVSS 8.4 (high): Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32091 — CVSS 8.4 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an…
CVE-2026-47652 — CVSS 8.2 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45599 — CVSS 8.1 (high): Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-42974 — CVSS 8.1 (high): Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-45635 — CVSS 8.1 (high): Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-33827 — CVSS 8.1 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized…
CVE-2026-42981 — CVSS 8.1 (high): Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-40415 — CVSS 8.1 (high): Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-25173 — CVSS 8.0 (high): Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a…
CVE-2026-48578 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45654 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48575 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48576 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48573 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45588 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-47656 — CVSS 7.9 (high): Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-48568 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48570 — CVSS 7.9 (high): Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-26180 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26181 — CVSS 7.8 (high): Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-24292 — CVSS 7.8 (high): Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-26184 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27907 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-24293 — CVSS 7.8 (high): Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-27909 — CVSS 7.8 (high): Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-27910 — CVSS 7.8 (high): Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges…
CVE-2026-27911 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an…
CVE-2026-27914 — CVSS 7.8 (high): Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
CVE-2026-27915 — CVSS 7.8 (high): Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27916 — CVSS 7.8 (high): Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-24294 — CVSS 7.8 (high): Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-27918 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker…
CVE-2026-27919 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges…
CVE-2026-27920 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges…
CVE-2026-27923 — CVSS 7.8 (high): Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-25165 — CVSS 7.8 (high): Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
CVE-2026-27927 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an…
CVE-2026-25166 — CVSS 7.8 (high): Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
CVE-2026-45658 — CVSS 7.8 (high): Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-32069 — CVSS 7.8 (high): Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-48574 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-32074 — CVSS 7.8 (high): Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32076 — CVSS 7.8 (high): Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-32077 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges…
CVE-2026-32078 — CVSS 7.8 (high): Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-45656 — CVSS 7.8 (high): Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-25174 — CVSS 7.8 (high): Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.
CVE-2026-25176 — CVSS 7.8 (high): Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45638 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-32089 — CVSS 7.8 (high): Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32090 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an…
CVE-2026-45637 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-32152 — CVSS 7.8 (high): Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32153 — CVSS 7.8 (high): Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-32154 — CVSS 7.8 (high): Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-40397 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40399 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker…
CVE-2026-40407 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40408 — CVSS 7.8 (high): Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-41088 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized…
CVE-2026-41092 — CVSS 7.8 (high): Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVE-2026-44808 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-26156 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-26159 — CVSS 7.8 (high): Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate…
CVE-2026-42828 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42829 — CVSS 7.8 (high): Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CVE-2026-26160 — CVSS 7.8 (high): Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate…
CVE-2026-42837 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42896 — CVSS 7.8 (high): Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44807 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42905 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44804 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44803 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-42910 — CVSS 7.8 (high): Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26161 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26162 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-44802 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42916 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42991 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-42989 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42986 — CVSS 7.8 (high): Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-42977 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-42978 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-42979 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-42980 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42983 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-24287 — CVSS 7.8 (high): External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26168 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for…
CVE-2026-26170 — CVSS 7.8 (high): Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2026-26172 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-24290 — CVSS 7.8 (high): Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-26176 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-24291 — CVSS 7.8 (high): Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker…
CVE-2026-25187 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-34333 — CVSS 7.8 (high): Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34334 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker…
CVE-2026-34336 — CVSS 7.8 (high): Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-34337 — CVSS 7.8 (high): Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-34338 — CVSS 7.8 (high): Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-44813 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-34343 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34344 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized…
CVE-2026-34351 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker…
CVE-2026-35415 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-26153 — CVSS 7.8 (high): Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-35417 — CVSS 7.8 (high): Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-35418 — CVSS 7.8 (high): Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-44812 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-35421 — CVSS 7.8 (high): Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-44811 — CVSS 7.8 (high): Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-40369 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40377 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-44809 — CVSS 7.8 (high): Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40382 — CVSS 7.8 (high): Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40398 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-32158 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-32159 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-32160 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2026-32163 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an…
CVE-2026-32164 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an…
CVE-2026-32165 — CVSS 7.8 (high): Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-45636 — CVSS 7.8 (high): Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-32183 — CVSS 7.8 (high): Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized…
CVE-2026-23673 — CVSS 7.8 (high): Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-45605 — CVSS 7.8 (high): Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45600 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate…
CVE-2026-45592 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45586 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker…
CVE-2026-32222 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-45487 — CVSS 7.8 (high): Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate…
CVE-2026-33098 — CVSS 7.8 (high): Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33101 — CVSS 7.8 (high): Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-33828 — CVSS 7.8 (high): Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVE-2026-33834 — CVSS 7.8 (high): Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
CVE-2026-33835 — CVSS 7.8 (high): Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33837 — CVSS 7.8 (high): Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-33838 — CVSS 7.8 (high): Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2026-33840 — CVSS 7.8 (high): Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-33841 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-34330 — CVSS 7.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized…
CVE-2026-44801 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-48563 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42992 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42993 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-32161 — CVSS 7.5 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows…
CVE-2026-44799 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-33096 — CVSS 7.5 (high): Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2026-40405 — CVSS 7.5 (high): Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-23674 — CVSS 7.5 (high): Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-35424 — CVSS 7.5 (high): Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny…
CVE-2026-45639 — CVSS 7.5 (high): Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-42913 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42909 — CVSS 7.5 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-32071 — CVSS 7.5 (high): Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over…
CVE-2026-42908 — CVSS 7.5 (high): Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-25181 — CVSS 7.5 (high): Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.
CVE-2026-40406 — CVSS 7.5 (high): Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-49160 — CVSS 7.5 (high): Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-32156 — CVSS 7.4 (high): Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
CVE-2026-26151 — CVSS 7.1 (high): Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a…