AI description
Automated description summarized from trusted sources.
CVE-2026-26128 is an improper authentication vulnerability found within the Windows SMB Server. This flaw allows an authorized attacker to elevate their privileges locally on an affected system. Categorized as an authentication bypass (CWE-287), the vulnerability enables an attacker who already possesses local access with low-level privileges to escalate to higher privilege levels.
- Description
- Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5AA53525-2EE3-4815-9EEB-49572C16AFC1",
"versionEndExcluding": "10.0.14393.8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "CB112C3D-A9C8-41A3-A3DD-ACB42387D087",
"versionEndExcluding": "10.0.14393.8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B2DCF6CD-BA92-4DB2-855E-DE8158AC6B57",
"versionEndExcluding": "10.0.17763.8511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "40D953EB-E3B1-471A-8400-957984A092EB",
"versionEndExcluding": "10.0.17763.8511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "35CA4CA1-5EDE-4612-9C17-9AA167F773B9",
"versionEndExcluding": "10.0.19044.7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C18770C8-2B7F-4212-8A4F-1101ABFF4C44",
"versionEndExcluding": "10.0.19044.7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DD070C42-5A71-4D20-B9BA-766565DFC99B",
"versionEndExcluding": "10.0.19044.7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "17DCF9E0-A09A-48A3-B281-D22EE76B8062",
"versionEndExcluding": "10.0.19045.7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "51FF473A-566D-45FB-868D-03F3907E094A",
"versionEndExcluding": "10.0.19045.7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5FC02001-58B6-4EE4-9552-003F2412ED0C",
"versionEndExcluding": "10.0.19045.7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "E8B076BC-42F9-4972-BE73-3874E694CD3A",
"versionEndExcluding": "10.0.22631.6783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6E98A971-B530-4289-B7B2-8403BD2DAD07",
"versionEndExcluding": "10.0.22631.6783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3381C469-C150-4724-8A53-E11794797D9F",
"versionEndExcluding": "10.0.26100.7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6F1A77F2-59BC-4F92-81A0-2A4E8981FEFB",
"versionEndExcluding": "10.0.26100.7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "58F3AA3B-9960-48F9-B013-8CF6BA09893C",
"versionEndExcluding": "10.0.26200.7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F113DAFC-91E5-42C1-A2C3-B9C9286D240B",
"versionEndExcluding": "10.0.26200.7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "30606CC6-21D2-4EAC-B568-DABA2786EC61",
"versionEndExcluding": "10.0.28000.1719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "62E818F7-1053-4CD2-9CCE-EF84D3FA7861",
"versionEndExcluding": "10.0.28000.1719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E31E4CDC-138B-41CF-927A-0528A6F605FB",
"versionEndExcluding": "10.0.14393.8957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA555D5-4452-4CD0-AB68-BA175C34EC3A",
"versionEndExcluding": "10.0.17763.8511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C037CFF5-1294-4724-A28C-42B72A7F0B2E",
"versionEndExcluding": "10.0.20348.4830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3C9232-BEAB-4D6B-B465-4C4643098054",
"versionEndExcluding": "10.0.25398.2207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "04014C9F-24B4-4A7A-B2E1-B80EFB7F6D4E",
"versionEndExcluding": "10.0.26100.32463",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]