CVE-2022-26904

HIGH KEV

Windows User Profile Service - Privilege Escalation

Title source: llm

Description

Windows User Profile Service Elevation of Privilege Vulnerability

Exploits (1)

metasploit WORKING POC EXCELLENT
by KLINIX5, Grant Willcox · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2022_26904_superprofile.rb

References (2)

Scores

CVSS v3 7.0
EPSS 0.2159
EPSS Percentile 95.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-25
VulnCheck KEV 2022-04-14
InTheWild.io 2022-04-14
ENISA EUVD EUVD-2022-31451
CWE
CWE-362
Status published
Products (19)
microsoft/windows_10_1507 < 10.0.10240.19265
microsoft/windows_10_1607 < 10.0.14393.5066
microsoft/windows_10_1809 < 10.0.17763.2803
microsoft/windows_10_1909 < 10.0.18363.2212
microsoft/windows_10_20h2 < 10.0.19042.1645
microsoft/windows_10_21h1 < 10.0.19043.1645
microsoft/windows_10_21h2 < 10.0.19044.1645
microsoft/windows_11_21h2 < 10.0.22000.613
microsoft/windows_7
microsoft/windows_8.1
... and 9 more
Published Apr 15, 2022
KEV Added Apr 25, 2022
Tracked Since Feb 18, 2026