CVE-2026-32218

MEDIUM

Windows Kernel Information Disclosure Vulnerability

Title source: cna
STIX 2.1

Description

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

References (1)

Scores

CVSS v3 5.5
EPSS 0.0004
EPSS Percentile 12.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (21)
Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.7184
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.7184
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.32690
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.8246
Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.8246
Microsoft/Windows 11 version 26H1 10.0.28000.0 - 10.0.28000.1836
Microsoft/Windows Server 2022 10.0.20348.0 - 10.0.20348.5020
Microsoft/Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.0 - 10.0.25398.2274
... and 11 more
Published Apr 14, 2026
Tracked Since Apr 14, 2026