CVE-2026-47291

Published Jun 9, 2026

Last updated 14 days ago

CVSS critical 9.8

HTTP

Overview

Description: Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2025

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

secure@microsoft.com: CWE-122

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "039BC4EF-6E49-4A8C-B1A4-BFAD9F24EC01",
            "versionEndExcluding": "10.0.14393.9234",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "2221A0A5-45F3-4903-943A-19E7AA69496B",
            "versionEndExcluding": "10.0.14393.9234",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "03A4C97D-FE89-4367-9A0E-E4E65BD49E18",
            "versionEndExcluding": "10.0.17763.8880",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "FE809AA0-E917-495F-BB11-59215F47E14F",
            "versionEndExcluding": "10.0.17763.8880",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "3E87DD4E-44FC-4B9A-99AB-D1DB3C67EF79",
            "versionEndExcluding": "10.0.19044.7417",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "A21A9BC4-DE4F-46BE-944F-AD6CAA92BF32",
            "versionEndExcluding": "10.0.19044.7417",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "911336E9-FAEA-4EB5-96D7-8049AE622C61",
            "versionEndExcluding": "10.0.19044.7417",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "B8BB8399-35C5-4654-A679-5E105773615B",
            "versionEndExcluding": "10.0.19045.7417",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "55571EDC-8323-4BAE-B363-113ACEF55CB2",
            "versionEndExcluding": "10.0.19045.7417",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "D14AC77E-34F3-4704-A068-D9020FF60A8C",
            "versionEndExcluding": "10.0.19045.7417",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "92508776-88BE-4872-99DB-1F690F71ADEF",
            "versionEndExcluding": "10.0.22631.7219",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "410079AC-180E-4D7F-B7F6-784E36FEA036",
            "versionEndExcluding": "10.0.22631.7219",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "32DB4863-6880-40B4-8EC1-9E0F40E81D7F",
            "versionEndExcluding": "10.0.26100.8655",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E691C9E5-5271-436D-A7FD-C25BEA4D447D",
            "versionEndExcluding": "10.0.26100.8655",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "1D3DEE4A-9959-4716-BC39-35660AC22BC4",
            "versionEndExcluding": "10.0.26200.8655",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "1000C085-A5D7-4027-B9C1-6AE7DA468FB7",
            "versionEndExcluding": "10.0.26200.8655",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "9C7AD7ED-307B-40B9-B706-45FB178C36D8",
            "versionEndExcluding": "10.0.28000.2269",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "8967AF79-CAD0-4F87-85A5-95D031C9FEFA",
            "versionEndExcluding": "10.0.28000.2269",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B3F7E1F6-48D5-4ECB-9BF8-4238903FC194",
            "versionEndExcluding": "10.0.14393.9234",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "07C08212-A30E-4434-A17C-542E45D1E272",
            "versionEndExcluding": "10.0.17763.8880",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "27363D97-D4A9-4709-9854-F78F7EBCFB27",
            "versionEndExcluding": "10.0.20348.5256",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E127A6E6-C261-4039-8A13-A2FAC4606573",
            "versionEndExcluding": "10.0.26100.32995",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References