CVE-2026-54109

Published Jul 14, 2026

Last updated 12 hours ago

Overview

Description
Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-122

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.