AI description
CVE-2026-40369 is an untrusted pointer dereference vulnerability in the Windows Kernel. It allows an attacker who already has authorized access to the system to escalate privileges locally. It was published on May 12, 2026, and is categorized as an Elevation of Privilege vulnerability.
- Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- Source: secure@microsoft.com
- NVD status: Modified
- Products: windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2025
CVSS 3.1
- Type: Secondary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- secure@microsoft.com: CWE-822
- Hype score: Not currently trending
🚨 #CVE-2026-40369 Exploit in the Wild: Single Syscall Grants SYSTEM from Browser Sandbox + Video https://t.co/UdLPR8LaOj Educational Purposes!
@UndercodeUpdate
6 Jun 2026
Top 5 Trending CVEs: 1 - CVE-2024-21182 2 - CVE-2026-40369 3 - CVE-2026-0257 4 - CVE-2023-41011 5 - CVE-2026-35563 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Jun 2026
Escaping the Browser Sandbox via the Windows Kernel Vulnerability CVE-2026-40369 PT ID: PT-2026-40204 The article examines the vulnerability CVE-2026-40369 -> (https://t.co/RxSuZ9zEgw), which enables a browser sandbox escape due to an error in handling a system call. The aut
@ptdbugs
1 Jun 2026
Top 5 Trending CVEs: 1 - CVE-2026-48095 2 - CVE-2026-45585 3 - CVE-2026-40369 4 - CVE-2026-42826 5 - CVE-2026-0257 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
31 May 2026
CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuerySystemInformation TL;dR: One syscall from any unprivileged process, even inside Chrome’s renderer sandbox, can increment arbitrary kernel memory addresses, giving SYSTEM privilege escalation https://t.co/GxOsYFEJ2
@5mukx
30 May 2026
CVE-2026-40369 Arbitrary Kernel https://t.co/ABwggdOZSK
@0xAllow
28 May 2026
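Regarding CVE-2026-40369, the kernel EoP in the Windows 11 family, these are the points I'm personally watching: It can be run from a standard-privilege user account. Affected: Windows 11 24H2 and later (including Server 2025). Probably at the time of the user⇔kernel interface overhaul Claude (お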
@noviiro
27 May 2026
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox https://t.co/3bwYHEtgFS
@warthogtk
24 May 2026
A serious vulnerability in the Windows kernel allows completely bypassing browser isolation from the render process. The publication of full exploit code for CVE-2026-40369 raises the risk level for unpatched systems
@fad_777
24 May 2026
Just twelve bytes were enough to escape the browser sandbox in CVE-2026-40369. Precise details reveal how a very small error can open a wide door to attack, and underscore the most important
@fad_777
22 May 2026
🚨 May Microsoft Patch Tuesday: 119 vulns, 1 public exploit 🔥 EoP Windows Kernel (CVE-2026-40369); RCE DNS Client (CVE-2026-41096), Netlogon DC RCE (CVE-2026-41089), TCP/IP UAF (CVE-2026-40415) #PatchTuesday #Microsoft #Windows #AD #Vulristics ➡️ https://t.co/A8REynPvse
@leonov_av
19 May 2026
Windows Kernel Elevation of Privilege Vulnerability CVE: CVE-2026-40369 PT ID: PT-2026-40204 Vendor: Microsoft Product: Windows 11 Version 24H2 CVSS: 7.8 Credits: n/a Description: Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate
@ptdbugs
19 May 2026
Top 5 Trending CVEs: 1 - CVE-2026-2276 2 - CVE-2026-42945 3 - CVE-2026-20182 4 - CVE-2026-40369 5 - CVE-2026-29205 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
19 May 2026
GitHub - orinimron123/CVE-2026-40369-EXPLOIT: Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox · GitHub https://t.co/12eWzOQNR8
@akaclandestine
18 May 2026
CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuerySystemInformation (Class 253) https://t.co/wAP0B8UQAM
@ytroncal
17 May 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "048AD3CD-DD62-4B62-9302-61779D998B4A",
            "versionEndExcluding": "10.0.26100.8390",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "3682F4DD-0870-4E39-B75E-649C89BB1E08",
            "versionEndExcluding": "10.0.26100.8390",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "C2C93D38-DFD7-4DE1-95B8-6D73E4A545D6",
            "versionEndExcluding": "10.0.26200.8390",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "05EB89A0-2ADD-4B67-A644-41FE1DE69E4A",
            "versionEndExcluding": "10.0.26200.8390",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "D45A5D2F-E058-4033-B184-BAE224FC1CEA",
            "versionEndExcluding": "10.0.28000.2113",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "5127F350-9271-4B74-84E0-D7E5D2D5640E",
            "versionEndExcluding": "10.0.28000.2113",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9ABAB3B9-28AF-4278-8E78-E1191B1AFC0C",
            "versionEndExcluding": "10.0.26100.32772",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]