CVE-2026-40369
HIGHMicrosoft Windows 11 Version 24H2 - Windows Kernel Elevation of Privilege Vulnerability
Title source: ruleExploitation Summary
EIP tracks 8 public exploits for CVE-2026-40369. PoCs published by Hex0rc1st, CCELEND, 0xBlackash.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-40369, targeting a Windows kernel vulnerability. The exploit leverages NtQuerySystemInformation to manipulate kernel structures, specifically SeDebugPrivilege, to achieve local privilege escalation (LPE).
Description
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Exploits (8)
This repository contains a functional exploit for CVE-2026-40369, targeting a Windows kernel vulnerability. The exploit leverages NtQuerySystemInformation to manipulate kernel structures, specifically SeDebugPrivilege, to achieve local privilege escalation (LPE).
This repository contains functional exploit code for CVE-2026-40369, demonstrating arbitrary kernel memory writes via a ProbeForWrite bypass in NtQuerySystemInformation (class 253). The PoC includes both basic and full exploit variants, with the latter capable of kernel memory read/write operations.
This repository provides an IDA Python script to extract critical kernel metadata (function RVAs and _EPROCESS structure offsets) from Windows ntoskrnl.exe binaries, aiding in the development of exploits for CVE-2026-40369. It includes detailed technical documentation and usage instructions.
This repository provides a defensive technical analysis of CVE-2026-40369, a Windows Kernel Elevation of Privilege vulnerability. It includes a detailed PDF report focusing on root cause analysis, exploitability constraints, and defensive implications rather than weaponization.
The repository contains functional exploit code for CVE-2026-40369, demonstrating arbitrary kernel memory writes via a ProbeForWrite bypass in NtQuerySystemInformation. It includes multiple PoC variants, including a basic exploit and a full exploit with kernel memory read/write capabilities.
This repository contains a functional exploit for CVE-2026-40369, demonstrating an arbitrary kernel address increment vulnerability in Windows 11 24H2-25H2 via NtQuerySystemInformation (Class 253). The PoC includes both basic and full exploit code, with detailed root cause analysis and crash logs.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H