CVE-2026-26181

HIGH

Microsoft Brokering File System Elevation of Privilege Vulnerability

Title source: cna
STIX 2.1

Description

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 13.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-362 CWE-416
Status published
Products (15)
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.32690
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.8246
Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.8246
Microsoft/Windows 11 version 26H1 10.0.28000.0 - 10.0.28000.1836
Microsoft/Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.0 - 10.0.25398.2274
Microsoft/Windows Server 2025 10.0.26100.0 - 10.0.26100.32690
Microsoft/Windows Server 2025 (Server Core installation) 10.0.26100.0 - 10.0.26100.32690
microsoft/windows_11_23h2 < 10.0.22631.6936 (2 CPE variants)
... and 5 more
Published Apr 14, 2026
Tracked Since Apr 14, 2026