製品・ソフトウェアに関する情報
日立ディスクアレイシステムにおけるSVP 脆弱性対策について (2026年5月分)
Title 日立ディスクアレイシステムにおけるSVP 脆弱性対策について (2026年5月分)
Summary

Microsoft製品に対して、以下に示す脆弱性が公開されました。 [脆弱性の内容] <ol><li>AMD: CVE-2025-54518 CPU OP キャッシュにおけるデータ破損 (CVE-2025-54518)</li><li>Windows リッチ テキスト エディットの特権昇格の脆弱性 (CVE-2026-21530)</li><li>Windows ネイティブ WiFi ミニポート ドライバーのリモートでコードが実行される脆弱性 (CVE-2026-32161)</li><li>Windows リッチ テキスト エディットの特権昇格の脆弱性 (CVE-2026-32170)</li><li>.NET の特権の昇格の脆弱性 (CVE-2026-32177)</li><li>Windows フィルタリング プラットフォーム (WFP) のセキュリティ機能のバイパスの脆弱性 (CVE-2026-32209)</li><li>Windows Event Logging Service の特権の昇格の脆弱性 (CVE-2026-33834)</li><li>Windows Cloud Files Mini Filter ドライバーの特権の昇格の脆弱性 (CVE-2026-33835)</li><li>Windows TCP/IP Local の特権昇格の脆弱性 (CVE-2026-33837)</li><li>Windows メッセージ キュー (MSMQ) の特権昇格の脆弱性 (CVE-2026-33838)</li><li>Win32k の特権の昇格の脆弱性 (CVE-2026-33839)</li><li>Windows カーネルの特権の昇格の脆弱性 (CVE-2026-33841)</li><li>Microsoft Message Queuing (MSMQ) のリモートでコードが実行される脆弱性 (CVE-2026-34329)</li><li>Win32k の特権の昇格の脆弱性 (CVE-2026-34330)</li><li>Win32k の特権の昇格の脆弱性 (CVE-2026-34331)</li><li>Windows Win32k の特権の昇格の脆弱性 (CVE-2026-34333)</li><li>Windows TCP/IP の特権昇格の脆弱性 (CVE-2026-34334)</li><li>Windows DWM Core ライブラリの情報漏えいの脆弱性 (CVE-2026-34336)</li><li>Windows Cloud Files Mini Filter ドライバーの特権の昇格の脆弱性 (CVE-2026-34337)</li><li>Windows テレフォニー サービスの特権昇格の脆弱性 (CVE-2026-34338)</li><li>Windows ライトウェイト ディレクトリ アクセス プロトコル (LDAP) のサービス拒否の脆弱性 (CVE-2026-34339)</li><li>Windows Projected File System の特権の昇格の脆弱性 (CVE-2026-34340)</li><li>Windows Link-Layer Discovery Protocol (LLDP) の特権昇格の脆弱性 (CVE-2026-34341)</li><li>Windows 印刷スプーラーの特権の昇格の脆弱性 (CVE-2026-34342)</li><li>Windows アプリケーション ID (AppID) のサブシステムの特権昇格の脆弱性 (CVE-2026-34343)</li><li>WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性 (CVE-2026-34344)</li><li>WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性 (CVE-2026-34345)</li><li>Windows Win32k の特権の昇格の脆弱性 (CVE-2026-34347)</li><li>Windows TCP/IP の特権昇格の脆弱性 (CVE-2026-34351)</li><li>Windows 記憶域スペース コントローラーの特権昇格の脆弱性 (CVE-2026-35415)</li><li>WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性 (CVE-2026-35416)</li><li>Windows Win32k の特権の昇格の脆弱性 (CVE-2026-35417)</li><li>Windows Cloud Files Mini Filter ドライバーの特権の昇格の脆弱性 (CVE-2026-35418)</li><li>Windows GDI のリモートでコードが実行される脆弱性 (CVE-2026-35421)</li><li>Windows TCP/IP ドライバーのセキュリティ機能のバイパスの脆弱性 (CVE-2026-35422)</li><li>Windows 11 Telnet クライアントの情報漏えいの脆弱性 (CVE-2026-35423)</li><li>インターネット キー交換 (IKE) プロトコルのサービス拒否の脆弱性 (CVE-2026-35424)</li><li>Microsoft Cryptographic Services の特権の昇格の脆弱性 (CVE-2026-40377)</li><li>Windows ボリューム マネージャー拡張ドライバーのリモートでコードが実行される脆弱性 (CVE-2026-40380)</li><li>Windows テレフォニー サービスの特権昇格の脆弱性 (CVE-2026-40382)</li><li>Windows 共通ログ ファイル システム ドライバーの特権の昇格の脆弱性 (CVE-2026-40397)</li><li>Windows リモート デスクトップ サービスの特権昇格の脆弱性 (CVE-2026-40398)</li><li>Windows TCP/IP の特権昇格の脆弱性 (CVE-2026-40399)</li><li>Windows TCP/IP のサービス拒否の脆弱性 (CVE-2026-40401)</li><li>Windows グラフィックス コンポーネントのリモートでコードが実行される脆弱性 (CVE-2026-40403)</li><li>Windows TCP/IP の情報漏えいの脆弱性 (CVE-2026-40406)</li><li>Windows 共通ログ ファイル システム ドライバーの特権の昇格の脆弱性 (CVE-2026-40407)</li><li>Windows WAN ARP Driver Elevation of Privilege Vulnerability (CVE-2026-40408)</li><li>Windows SMB クライアントの特権の昇格の脆弱性 (CVE-2026-40410)</li><li>Windows TCP/IP のサービス拒否の脆弱性 (CVE-2026-40413)</li><li>Windows TCP/IP のサービス拒否の脆弱性 (CVE-2026-40414)</li><li>Windows TCP/IP のリモートでコードが実行される脆弱性 (CVE-2026-40415)</li><li>WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性 (CVE-2026-41088)</li><li>セキュア ブートのセキュリティ機能のバイパスの脆弱性 (CVE-2026-41097)</li><li>Windows テレフォニー サービスの特権昇格の脆弱性 (CVE-2026-42825)</li></ol>SVPは直接ストレージ機能には係わりませんので、万一攻撃者から攻撃された場合であってもストレージとしてのデータの内容およびRead/Write機能に支障はありません。また日立ディスクアレイシステムに蓄積されているデータを読み取られることもありません。

Possible impacts 想定される影響については、ベンダ情報をご確認ください。
Solution

ベンダ情報を参照して適切な対策を実施してください。

Publication Date July 9, 2026, midnight
Registration Date July 17, 2026, 12:17 p.m.
Last Update July 17, 2026, 12:17 p.m.
Affected System
日立
Hitachi Virtual Storage Platform 5100 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5100 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5100H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5100H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5200 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5200 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5200H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5200H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5500 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5500 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5500H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5500H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5600 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5600 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5600H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform 5600H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E1090 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E1090 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E1090H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E1090H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E390 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E390 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E390H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E390H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E590 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E590 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E590H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E590H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E790 [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E790 [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E790H [Windows 10 for x64-based Systems (Version1809)]が搭載されている場合 (CVE-2025-54518、…)
Hitachi Virtual Storage Platform E790H [Windows 10 for x64-based Systems (Version21H2)]が搭載されている場合 (CVE-2025-54518、…)
CVE (情報セキュリティ 共通脆弱性識別子)
ベンダー情報
Change Log
No Changed Details Date of change
1 [2026年07月17日]
  掲載
July 17, 2026, 12:17 p.m.

NVD Vulnerability Information
CVE-2025-54518
Summary

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

Publication Date May 15, 2026, 2:16 p.m.
Registration Date May 17, 2026, 4:11 a.m.
Last Update May 15, 2026, 11:10 p.m.
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-21530
Summary

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:16 a.m.
Registration Date May 13, 2026, 4:13 a.m.
Last Update May 14, 2026, 11:56 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8457
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8457
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5139
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32860
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-32161
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

Publication Date May 13, 2026, 3:16 a.m.
Registration Date May 13, 2026, 4:13 a.m.
Last Update May 14, 2026, 11:54 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5139
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-32170
Summary

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:16 a.m.
Registration Date May 13, 2026, 4:13 a.m.
Last Update May 14, 2026, 11:52 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5139
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-32177
Summary

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:16 a.m.
Registration Date May 13, 2026, 4:13 a.m.
Last Update May 14, 2026, 12:34 a.m.
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-32209
Summary

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:13 a.m.
Last Update May 14, 2026, 11:51 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-33834
Summary

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:49 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-33835
Summary

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:47 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-33837
Summary

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:46 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-33838
Summary

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:45 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-33839
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:44 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-33841
Summary

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:42 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34329
Summary

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:43 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34330
Summary

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:27 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34331
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:26 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34333
Summary

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:25 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34334
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:23 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34336
Summary

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:17 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34337
Summary

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:16 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34338
Summary

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:15 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34339
Summary

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:14 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34340
Summary

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:12 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34341
Summary

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, midnight
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34342
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:59 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34343
Summary

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 14, 2026, 11:58 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34344
Summary

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 2:48 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34345
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 2:46 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34347
Summary

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 2:45 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-34351
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 2:44 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35415
Summary

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:57 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35416
Summary

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:55 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35417
Summary

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:54 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35418
Summary

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 12:53 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35421
Summary

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 3:05 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35422
Summary

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 3:04 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35423
Summary

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 3:03 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-35424
Summary

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 3:02 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40377
Summary

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 2:52 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40380
Summary

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 15, 2026, 2:49 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40382
Summary

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:32 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40397
Summary

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:28 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40398
Summary

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:27 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40399
Summary

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:26 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40401
Summary

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:25 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40403
Summary

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:22 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40406
Summary

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:20 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40407
Summary

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:19 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40408
Summary

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:11 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40410
Summary

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:14 a.m.
Last Update May 16, 2026, 12:10 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40413
Summary

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:15 a.m.
Last Update May 16, 2026, 12:08 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40414
Summary

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:15 a.m.
Last Update May 16, 2026, 12:07 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-40415
Summary

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:15 a.m.
Last Update May 16, 2026, 12:06 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-41088
Summary

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:15 a.m.
Last Update May 16, 2026, 12:45 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-41097
Summary

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:15 a.m.
Last Update May 16, 2026, 12:36 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8390
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5074
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.32772
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-42825
Summary

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Publication Date May 13, 2026, 3:17 a.m.
Registration Date May 13, 2026, 4:15 a.m.
Last Update May 14, 2026, 11:26 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* 10.0.19044.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* 10.0.19045.7291
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* 10.0.22631.7079
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8457
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8457
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8457
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8457
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2113
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* 10.0.14393.9140
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* 10.0.17763.8755
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* 10.0.20348.5139
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:* 10.0.25398.2330
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:* 10.0.26100.32860
Related information, measures and tools
Common Vulnerabilities List