{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Microsoft heeft kwetsbaarheden verholpen in Windows.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Toegang tot gevoelige gegevens\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Spoofing\n\n```\nFunction Discovery Service (fdwsd.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32087 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32093 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32086 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32150 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nApplocker Filter Driver (applockerfltr.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-25184 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26179 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26180 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32195 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32215 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32217 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32218 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-26163 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Procedure Call: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32085 | 5,50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32070 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Management Console: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27914 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Push Notification Core: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26167 | 8,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32158 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32159 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32160 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26172 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Installer: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27910 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows File Explorer: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32081 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32079 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32084 | 5,50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Boot Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26175 | 4,60 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Boot Loader: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-0390 | 6,70 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows User Interface Core: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32165 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27911 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32163 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32164 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows Speech: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32153 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows USB Print Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32223 | 6,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows COM: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-20806 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32162 | 8,40 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nInput-Output Memory Management Unit (IOMMU): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2023-20585 | 5,30 | | \n|----------------|------|-------------------------------------|\n\nUniversal Plug and Play (upnp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32212 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32214 | 5,50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Redirected Drive Buffering: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32216 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Virtualization-Based Security (VBS) Enclave: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-23670 | 5,70 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-32220 | 4,40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Active Directory: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33826 | 8,00 | Uitvoeren van willekeurige code | \n| CVE-2026-32072 | 6,20 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26165 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26166 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27918 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32202 | 4,30 | Voordoen als andere gebruiker | \n| CVE-2026-32151 | 6,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32225 | 8,80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Server Update Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26154 | 7,50 | | \n| CVE-2026-26174 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32224 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27921 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-33827 | 8,10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel Memory: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26169 | 6,10 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows BitLocker: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27913 | 7,70 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27931 | 5,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-27930 | 5,50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27912 | 8,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows RPC API: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26183 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32073 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26168 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26173 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26177 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26182 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27922 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-33099 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-33100 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop Licensing Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26160 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26159 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Snipping Tool: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32183 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-33829 | 4,30 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows Local Security Authority Subsystem Service (LSASS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26155 | 6,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32071 | 7,50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26152 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows WFP NDIS Lightweight Filter Driver (wfplwfs.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27917 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33101 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27927 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26184 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32069 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32074 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32078 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows LUAFV: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27929 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Universal Plug and Play (UPnP) Device Host: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27915 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27919 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32075 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32156 | 8,40 | Uitvoeren van willekeurige code | \n| CVE-2026-27916 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27920 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27925 | 7,50 | Toegang tot gevoelige gegevens | \n| CVE-2026-32077 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33104 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hello: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27906 | 4,40 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-27928 | 7,70 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27926 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32196 | 6,10 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32222 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32157 | 8,80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows WalletService: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32080 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows Search Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27909 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nDesktop Window Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27924 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32152 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32154 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-27923 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32155 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33096 | 7,50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-25250 | 6,00 | Omzeilen van beveiligingsmaatregel, | \n|----------------|------|-------------------------------------|\n\nMicrosoft PowerShell: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26170 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32181 | 5,50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows SSDP Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32082 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32083 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32068 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Client Side Caching driver (csc.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26176 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Sensor Data Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26161 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Encrypting File System (EFS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26153 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows TDI Translation Driver (tdx.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27908 | 7,00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-27907 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32076 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Brokering File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26181 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32219 | 7,00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32091 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows IKE Extension: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33824 | 9,80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Biometric Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32088 | 6,10 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Advanced Rasterization Platform: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26178 | 8,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows OLE: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26162 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Recovery Environment Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-20928 | 4,60 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Speech Brokered Api: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32089 | 7,80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-32090 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Container Isolation FS Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33098 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Management Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-20930 | 7,80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nRole: Windows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26156 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-32149 | 7,30 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26151 | 7,10 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32221 | 8,40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\n```\n", "title": "Interpretaties" }, { "category": "description", "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Improper Link Resolution Before File Access ('Link Following')", "title": "CWE-59" }, { "category": "general", "text": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "title": "CWE-77" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" }, { "category": "general", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "general", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "general", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Improper Removal of Sensitive Information Before Storage or Transfer", "title": "CWE-212" }, { "category": "general", "text": "Improper Privilege Management", "title": "CWE-269" }, { "category": "general", "text": "Improper Handling of Insufficient Permissions or Privileges ", "title": "CWE-280" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Improper Authorization", "title": "CWE-285" }, { "category": "general", "text": "Improper Authentication", "title": "CWE-287" }, { "category": "general", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "general", "text": "Missing Cryptographic Step", "title": "CWE-325" }, { "category": "general", "text": "Acceptance of Extraneous Untrusted Data With Trusted Data", "title": "CWE-349" }, { "category": "general", "text": "Insufficient UI Warning of Dangerous Operations", "title": "CWE-357" }, { "category": "general", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "general", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "Double Free", "title": "CWE-415" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "general", "text": "Insertion of Sensitive Information into Log File", "title": "CWE-532" }, { "category": "general", "text": "Incorrect Conversion between Numeric Types", "title": "CWE-681" }, { "category": "general", "text": "Protection Mechanism Failure", "title": "CWE-693" }, { "category": "general", "text": "Reliance on Untrusted Inputs in a Security Decision", "title": "CWE-807" }, { "category": "general", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "general", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "general", "text": "Use of Uninitialized Resource", "title": "CWE-908" }, { "category": "general", "text": "Insecure Storage of Sensitive Information", "title": "CWE-922" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "title": "Kwetsbaarheden verholpen in Microsoft Windows", "tracking": { "current_release_date": "2026-04-15T08:53:38.926894Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0119", "initial_release_date": "2026-04-15T08:53:38.926894Z", "revision_history": [ { "date": "2026-04-15T08:53:38.926894Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "Microsoft Windows 11 Version 26H1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "Microsoft Windows Admin Center" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-3" } } ], "category": "product_name", "name": "Microsoft Windows Server 2012" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "Microsoft Windows Server 2012 R2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-5" } } ], "category": "product_name", "name": "Microsoft Windows Server 2016" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-6" } } ], "category": "product_name", "name": "Microsoft Windows Server 2019" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-7" } } ], "category": "product_name", "name": "Microsoft Windows Server 2022" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-8" } } ], "category": "product_name", "name": "Microsoft Windows Server 2025" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-9" } } ], "category": "product_name", "name": "Remote Desktop client for Windows Desktop" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-10" } } ], "category": "product_name", "name": "Windows" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-11" } } ], "category": "product_name", "name": "Windows 10" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-12" } } ], "category": "product_name", "name": "Windows 10 1607" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-13" } } ], "category": "product_name", "name": "Windows 10 1809" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-14" } } ], "category": "product_name", "name": "Windows 10 21h2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-15" } } ], "category": "product_name", "name": "Windows 10 22h2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-16" } } ], "category": "product_name", "name": "Windows 10 Version 1607" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-17" } } ], "category": "product_name", "name": "Windows 10 Version 1607 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-18" } } ], "category": "product_name", "name": "Windows 10 Version 1607 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-19" } } ], "category": "product_name", "name": "Windows 10 Version 1809" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-20" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-21" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-22" } } ], "category": "product_name", "name": "Windows 10 Version 21H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-23" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-24" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-25" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-26" } } ], "category": "product_name", "name": "Windows 10 Version 22H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-27" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-28" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-29" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-30" } } ], "category": "product_name", "name": "Windows 11" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-31" } } ], "category": "product_name", "name": "Windows 11 23H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-32" } } ], "category": "product_name", "name": "Windows 11 Version 23H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-33" } } ], "category": "product_name", "name": "Windows 11 Version 23H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-34" } } ], "category": "product_name", "name": "Windows 11 Version 23H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-35" } } ], "category": "product_name", "name": "Windows 11 Version 24H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-36" } } ], "category": "product_name", "name": "Windows 11 Version 24H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-37" } } ], "category": "product_name", "name": "Windows 11 Version 24H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-38" } } ], "category": "product_name", "name": "Windows 11 Version 25H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-39" } } ], "category": "product_name", "name": "Windows 11 Version 25H2 for ARM systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-40" } } ], "category": "product_name", "name": "Windows 11 Version 25H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-41" } } ], "category": "product_name", "name": "Windows 11 Version 26H1 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-42" } } ], "category": "product_name", "name": "Windows 11 version 22H3" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-43" } } ], "category": "product_name", "name": "Windows 11 version 26H1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-44" } } ], "category": "product_name", "name": "Windows 11 version 26H1 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-45" } } ], "category": "product_name", "name": "Windows Admin Center" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-46" } } ], "category": "product_name", "name": "Windows App Client for Windows Desktop" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-47" } } ], "category": "product_name", "name": "Windows Server 2012" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-48" } } ], "category": "product_name", "name": "Windows Server 2012 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-49" } } ], "category": "product_name", "name": "Windows Server 2012 R2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-50" } } ], "category": "product_name", "name": "Windows Server 2012 R2 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-51" } } ], "category": "product_name", "name": "Windows Server 2016" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-52" } } ], "category": "product_name", "name": "Windows Server 2016 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-53" } } ], "category": "product_name", "name": "Windows Server 2019" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-54" } } ], "category": "product_name", "name": "Windows Server 2019 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-55" } } ], "category": "product_name", "name": "Windows Server 2022" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-56" } } ], "category": "product_name", "name": "Windows Server 2022 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-57" } } ], "category": "product_name", "name": "Windows Server 2022 Version 23H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-58" } } ], "category": "product_name", "name": "Windows Server 2022, 23H2 Edition (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-59" } } ], "category": "product_name", "name": "Windows Server 2025" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-60" } } ], "category": "product_name", "name": "Windows Server 2025 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-61" } } ], "category": "product_name", "name": "Windows_11_25H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-62" } } ], "category": "product_name", "name": "window_server" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-63" } } ], "category": "product_name", "name": "windows_10" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-64" } } ], "category": "product_name", "name": "windows_11" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-65" } } ], "category": "product_name", "name": "windows_server_2012" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-66" } } ], "category": "product_name", "name": "windows_server_2016" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-67" } } ], "category": "product_name", "name": "windows_server_2016_(server_core_installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-68" } } ], "category": "product_name", "name": "windows_server_2019" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-69" } } ], "category": "product_name", "name": "windows_server_2019_(server_core_installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-70" } } ], "category": "product_name", "name": "windows_server_2022" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-71" } } ], "category": "product_name", "name": "windows_server_2025" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-72" } } ], "category": "product_name", "name": "windows_service_2012_server_core_installation" } ], "category": "vendor", "name": "Microsoft" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-32068", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows SSDP Service caused by improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32068 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32068.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32068" }, { "cve": "CVE-2026-32069", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Projected File System allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32069 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32069.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32069" }, { "cve": "CVE-2026-32070", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Common Log File System Driver allows an authorized local user to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32070 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32070.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32070" }, { "cve": "CVE-2026-32071", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) allows unauthorized attackers to cause a denial of service over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32071 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32071.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32071" }, { "cve": "CVE-2026-32072", "notes": [ { "category": "description", "text": "Improper authentication in Windows Active Directory allows unauthorized local attackers to perform spoofing attacks, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32072 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32072.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 6.2, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32072" }, { "cve": "CVE-2026-32073", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32073 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32073.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32073" }, { "cve": "CVE-2026-32074", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Projected File System allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32074 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32074.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32074" }, { "cve": "CVE-2026-32075", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32075 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32075.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32075" }, { "cve": "CVE-2026-32076", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Storage Spaces Controller allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32076 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32076.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32076" }, { "cve": "CVE-2026-32077", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32077 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32077.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32077" }, { "cve": "CVE-2026-32078", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Projected File System allows an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32078 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32078.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32078" }, { "cve": "CVE-2026-32079", "notes": [ { "category": "description", "text": "An authorized attacker can locally disclose sensitive information due to exposure in Windows File Explorer, potentially compromising data confidentiality within affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32079 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32079.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32079" }, { "cve": "CVE-2026-32080", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows WalletService allows an authorized local attacker to elevate privileges on affected Windows systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32080 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32080.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32080" }, { "cve": "CVE-2026-32081", "notes": [ { "category": "description", "text": "An authorized attacker can locally disclose sensitive information due to exposure in Windows File Explorer, potentially compromising data confidentiality within affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32081 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32081.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32081" }, { "cve": "CVE-2026-32082", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows SSDP Service caused by improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32082 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32082.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32082" }, { "cve": "CVE-2026-32083", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows SSDP Service caused by improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32083 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32083.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32083" }, { "cve": "CVE-2026-32084", "notes": [ { "category": "description", "text": "An authorized attacker can locally disclose sensitive information due to exposure in Windows File Explorer, potentially compromising data confidentiality within affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32084 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32084.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32084" }, { "cve": "CVE-2026-32085", "notes": [ { "category": "description", "text": "A vulnerability in Windows Remote Procedure Call allows an authorized local attacker to expose sensitive information, potentially leading to information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32085 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32085.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32085" }, { "cve": "CVE-2026-32086", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Function Discovery Service (fdwsd.dll) due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32086 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32086.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32086" }, { "cve": "CVE-2026-32087", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Function Discovery Service (fdwsd.dll) allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32087 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32087.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32087" }, { "cve": "CVE-2026-32088", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows Biometric Service's concurrent execution of shared resources allows an unauthorized attacker to bypass security features through a physical attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32088 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32088.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32088" }, { "cve": "CVE-2026-32089", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Speech Brokered API allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32089 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32089.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32089" }, { "cve": "CVE-2026-32090", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Speech Brokered API due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32090 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32090.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32090" }, { "cve": "CVE-2026-32091", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Microsoft Brokering File System caused by improper synchronization of shared resources allows unauthorized local privilege escalation.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32091 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32091.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32091" }, { "cve": "CVE-2026-32093", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "description", "text": "A race condition in the Function Discovery Service (fdwsd.dll) due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32093 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32093.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32093" }, { "cve": "CVE-2026-32149", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "description", "text": "An improper input validation vulnerability in Windows Hyper-V allows an authorized attacker to execute code locally, posing a significant security risk within affected environments.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32149 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32149.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32149" }, { "cve": "CVE-2026-32150", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Function Discovery Service (fdwsd.dll) due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32150 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32150.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32150" }, { "cve": "CVE-2026-32151", "notes": [ { "category": "description", "text": "A vulnerability in Windows Shell allows an authorized attacker to expose sensitive information over a network, potentially leading to data disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32151 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32151.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32151" }, { "cve": "CVE-2026-32152", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32152 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32152.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32152" }, { "cve": "CVE-2026-32153", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use after free vulnerability in Microsoft Windows Speech allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32153 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32153.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32153" }, { "cve": "CVE-2026-32154", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32154 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32154.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32154" }, { "cve": "CVE-2026-32155", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32155 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32155.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32155" }, { "cve": "CVE-2026-32156", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32156 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32156.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32156" }, { "cve": "CVE-2026-32157", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Remote Desktop Client allows unauthorized attackers to execute code remotely, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32157 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32157.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32157" }, { "cve": "CVE-2026-32158", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32158 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32158.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32158" }, { "cve": "CVE-2026-32159", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32159 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32159.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32159" }, { "cve": "CVE-2026-32160", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32160 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32160.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32160" }, { "cve": "CVE-2026-32162", "cwe": { "id": "CWE-349", "name": "Acceptance of Extraneous Untrusted Data With Trusted Data" }, "notes": [ { "category": "other", "text": "Acceptance of Extraneous Untrusted Data With Trusted Data", "title": "CWE-349" }, { "category": "description", "text": "A vulnerability in Windows COM allows local privilege escalation by accepting extraneous untrusted data alongside trusted data, enabling unauthorized attackers to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32162 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32162.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32162" }, { "cve": "CVE-2026-32163", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows User Interface Core caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32163 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32163.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32163" }, { "cve": "CVE-2026-32164", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows User Interface Core caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32164 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32164.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32164" }, { "cve": "CVE-2026-32165", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows User Interface Core allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32165 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32165.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32165" }, { "cve": "CVE-2026-32181", "notes": [ { "category": "description", "text": "An improper privilege management vulnerability in Microsoft Windows allows an authorized attacker to trigger a local denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32181 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32181.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32181" }, { "cve": "CVE-2026-32183", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "title": "CWE-77" }, { "category": "description", "text": "A command injection vulnerability in the Windows Snipping Tool due to improper neutralization of special elements allows unauthorized local code execution.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32183 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32183.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32183" }, { "cve": "CVE-2026-32195", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "description", "text": "A stack-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges, potentially compromising system security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32195 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32195.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32195" }, { "cve": "CVE-2026-32196", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "title": "CWE-79" }, { "category": "description", "text": "A cross-site scripting vulnerability in Windows Admin Center allows unauthorized attackers to perform network spoofing by improper input neutralization during web page generation.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32196 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32196.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32196" }, { "cve": "CVE-2026-32202", "notes": [ { "category": "description", "text": "A protection mechanism failure in Windows Shell allows an unauthorized attacker to perform network spoofing, potentially compromising network communications.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32202 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32202.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32202" }, { "cve": "CVE-2026-32212", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access ('Link Following')" }, "notes": [ { "category": "other", "text": "Improper Link Resolution Before File Access ('Link Following')", "title": "CWE-59" }, { "category": "description", "text": "An improper link resolution vulnerability in the Universal Plug and Play (upnp.dll) component allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32212 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32212.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32212" }, { "cve": "CVE-2026-32214", "notes": [ { "category": "description", "text": "An improper access control vulnerability in Universal Plug and Play (upnp.dll) permits an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32214 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32214.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32214" }, { "cve": "CVE-2026-32215", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "notes": [ { "category": "other", "text": "Insertion of Sensitive Information into Log File", "title": "CWE-532" }, { "category": "description", "text": "A vulnerability in the Windows Kernel allows an authorized attacker to insert sensitive information into log files, leading to local information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32215 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32215.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32215" }, { "cve": "CVE-2026-32216", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows Redirected Drive Buffering allows an authorized attacker to trigger a local denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32216 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32216.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32216" }, { "cve": "CVE-2026-32217", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "notes": [ { "category": "other", "text": "Insertion of Sensitive Information into Log File", "title": "CWE-532" }, { "category": "description", "text": "A vulnerability in the Windows Kernel allows an authorized attacker to insert sensitive information into log files, leading to local information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32217 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32217.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32217" }, { "cve": "CVE-2026-32218", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "notes": [ { "category": "other", "text": "Insertion of Sensitive Information into Log File", "title": "CWE-532" }, { "category": "description", "text": "A vulnerability in the Windows Kernel allows an authorized attacker to insert sensitive information into log files, leading to local information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32218 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32218.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32218" }, { "cve": "CVE-2026-32219", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Microsoft Brokering File System allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32219 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32219.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32219" }, { "cve": "CVE-2026-32220", "notes": [ { "category": "description", "text": "An improper access control vulnerability in the Windows Virtualization-Based Security (VBS) Enclave allows an authorized local attacker to bypass security features.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32220 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32220.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 4.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32220" }, { "cve": "CVE-2026-32221", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Microsoft Graphics Component enables unauthorized local code execution by attackers.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32221 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32221.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32221" }, { "cve": "CVE-2026-32222", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Win32K component (ICOMP) allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32222 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32222.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32222" }, { "cve": "CVE-2026-32223", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows USB Print Driver enables an unauthorized attacker with physical access to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32223 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32223.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32223" }, { "cve": "CVE-2026-32224", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Server Update Service allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32224 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32224.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32224" }, { "cve": "CVE-2026-32225", "notes": [ { "category": "description", "text": "A protection mechanism failure in Windows Shell allows unauthorized remote attackers to bypass security features over a network, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32225 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32225.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-32225" }, { "cve": "CVE-2026-33096", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Windows HTTP.sys allows an unauthorized attacker to cause a denial of service over a network, impacting system availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33096 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33096.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33096" }, { "cve": "CVE-2026-33098", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Container Isolation FS Filter Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33098 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33098.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33098" }, { "cve": "CVE-2026-33099", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33099 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33099.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33099" }, { "cve": "CVE-2026-33100", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33100 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33100.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33100" }, { "cve": "CVE-2026-33101", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Print Spooler components allows an authorized local attacker to elevate privileges by exploiting memory management flaws.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33101 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33101.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33101" }, { "cve": "CVE-2026-33104", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Win32K GRFX component caused by improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33104 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33104.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33104" }, { "cve": "CVE-2026-33824", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows IKE Extension allows unauthorized remote code execution, posing a critical security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33824 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33824.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33824" }, { "cve": "CVE-2026-33826", "notes": [ { "category": "description", "text": "An improper input validation vulnerability in Windows Active Directory allows an authorized attacker to execute code over an adjacent network, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33826 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33826.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33826" }, { "cve": "CVE-2026-33827", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows TCP/IP due to improper synchronization of shared resources enables unauthorized remote code execution.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33827 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33827.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33827" }, { "cve": "CVE-2026-33829", "notes": [ { "category": "description", "text": "A vulnerability in the Windows Snipping Tool exposes sensitive information, enabling unauthorized attackers to conduct network spoofing attacks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33829 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33829.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-33829" }, { "cve": "CVE-2023-20585", "notes": [ { "category": "description", "text": "This CVE details a vulnerability that can corrupt guest encrypted memory, addressed by a Windows update in recent builds, with additional information provided in AMD's security bulletin.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2023-20585 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-20585.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2023-20585" }, { "cve": "CVE-2026-0390", "cwe": { "id": "CWE-807", "name": "Reliance on Untrusted Inputs in a Security Decision" }, "notes": [ { "category": "other", "text": "Reliance on Untrusted Inputs in a Security Decision", "title": "CWE-807" }, { "category": "description", "text": "A security vulnerability in the Windows Boot Loader allows an authorized local attacker to bypass a security feature due to reliance on untrusted inputs in a security decision.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-0390 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0390.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 6.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-0390" }, { "cve": "CVE-2026-20806", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "A type confusion vulnerability in Windows COM allows an authorized local attacker to access resources using incompatible types, leading to potential information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-20806 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20806.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-20806" }, { "cve": "CVE-2026-20928", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "notes": [ { "category": "other", "text": "Improper Removal of Sensitive Information Before Storage or Transfer", "title": "CWE-212" }, { "category": "description", "text": "Improper removal of sensitive information in the Windows Recovery Environment Agent allows unauthorized attackers to bypass security features via physical attacks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-20928 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20928.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-20928" }, { "cve": "CVE-2026-20930", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition due to improper synchronization in Windows Management Services enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-20930 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20930.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-20930" }, { "cve": "CVE-2026-23670", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Virtualization-Based Security (VBS) Enclave allows an authorized local attacker to bypass security features.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-23670 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-23670.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 5.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-23670" }, { "cve": "CVE-2026-25184", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Applocker Filter Driver (applockerfltr.sys) enables an authorized local attacker to elevate privileges due to improper synchronization of shared resources.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-25184 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25184.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-25184" }, { "cve": "CVE-2026-25250", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "notes": [ { "category": "other", "text": "Missing Cryptographic Step", "title": "CWE-325" }, { "category": "description", "text": "A missing cryptographic verification step in Windows Secure Boot allows a local authorized attacker to bypass the security mechanism, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-25250 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-25250.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 6.0, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-25250" }, { "cve": "CVE-2026-26151", "cwe": { "id": "CWE-357", "name": "Insufficient UI Warning of Dangerous Operations" }, "notes": [ { "category": "other", "text": "Insufficient UI Warning of Dangerous Operations", "title": "CWE-357" }, { "category": "description", "text": "Insufficient user interface warnings in Windows Remote Desktop can allow unauthorized attackers to conduct network spoofing attacks, potentially compromising network security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26151 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26151.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", "baseScore": 7.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26151" }, { "cve": "CVE-2026-26152", "cwe": { "id": "CWE-922", "name": "Insecure Storage of Sensitive Information" }, "notes": [ { "category": "other", "text": "Insecure Storage of Sensitive Information", "title": "CWE-922" }, { "category": "description", "text": "Insecure storage of sensitive information within Windows Cryptographic Services allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26152 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26152.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26152" }, { "cve": "CVE-2026-26153", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Encrypting File System (EFS) allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26153 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26153.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26153" }, { "cve": "CVE-2026-26154", "notes": [ { "category": "description", "text": "An improper input validation vulnerability in Windows Server Update Service enables unauthorized attackers to perform tampering over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26154 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26154.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26154" }, { "cve": "CVE-2026-26155", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "other", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "description", "text": "The document details an information disclosure vulnerability in the Microsoft Local Security Authority Subsystem Service (LSASS) that could potentially expose sensitive data.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26155 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26155.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26155" }, { "cve": "CVE-2026-26156", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows Hyper-V enables an unauthorized attacker to execute code locally, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26156 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26156.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26156" }, { "cve": "CVE-2026-26159", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "other", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "description", "text": "A missing authentication vulnerability in the Windows Remote Desktop Licensing Service allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26159 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26159.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26159" }, { "cve": "CVE-2026-26160", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "other", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "description", "text": "A missing authentication vulnerability in the Windows Remote Desktop Licensing Service allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26160 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26160.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26160" }, { "cve": "CVE-2026-26161", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Sensor Data Service allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26161 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26161.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26161" }, { "cve": "CVE-2026-26162", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "A type confusion vulnerability in Windows OLE allows an authorized local attacker to elevate privileges by accessing resources using incompatible types.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26162 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26162.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26162" }, { "cve": "CVE-2026-26163", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26163 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26163.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26163" }, { "cve": "CVE-2026-26165", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Shell allows an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26165 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26165.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26165" }, { "cve": "CVE-2026-26166", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Shell allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26166 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26166.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26166" }, { "cve": "CVE-2026-26167", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26167 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26167.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26167" }, { "cve": "CVE-2026-26168", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges due to improper synchronization of shared resources.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26168 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26168.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26168" }, { "cve": "CVE-2026-26169", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "other", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "description", "text": "A buffer over-read vulnerability in Windows Kernel Memory enables an authorized local attacker to disclose sensitive information by reading beyond allocated memory boundaries.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26169 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26169.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26169" }, { "cve": "CVE-2026-26170", "notes": [ { "category": "description", "text": "Improper input validation in Microsoft PowerShell enables an authorized attacker to perform local privilege escalation.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26170 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26170.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26170" }, { "cve": "CVE-2026-26172", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26172 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26172.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26172" }, { "cve": "CVE-2026-26173", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A race condition in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges due to improper synchronization of shared resources.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26173 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26173.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26173" }, { "cve": "CVE-2026-26174", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition due to improper synchronization in Windows Server Update Service allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26174 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26174.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26174" }, { "cve": "CVE-2026-26175", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "other", "text": "Use of Uninitialized Resource", "title": "CWE-908" }, { "category": "description", "text": "A vulnerability in Windows Boot Manager involving the use of an uninitialized resource allows an unauthorized attacker with physical access to bypass a security feature.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26175 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26175.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26175" }, { "cve": "CVE-2026-26176", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Client Side Caching driver (csc.sys) enables an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26176 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26176.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26176" }, { "cve": "CVE-2026-26177", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26177 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26177.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26177" }, { "cve": "CVE-2026-26178", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "other", "text": "Incorrect Conversion between Numeric Types", "title": "CWE-681" }, { "category": "description", "text": "An integer size truncation vulnerability in the Windows Advanced Rasterization Platform (WARP) allows an unauthorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26178 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26178.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26178" }, { "cve": "CVE-2026-26179", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26179 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26179.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26179" }, { "cve": "CVE-2026-26180", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Kernel enables an authorized local attacker to elevate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26180 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26180.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26180" }, { "cve": "CVE-2026-26181", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Microsoft Brokering File System allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26181 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26181.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26181" }, { "cve": "CVE-2026-26182", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26182 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26182.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26182" }, { "cve": "CVE-2026-26183", "notes": [ { "category": "description", "text": "An improper access control vulnerability in the Windows RPC API allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26183 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26183.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26183" }, { "cve": "CVE-2026-26184", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "other", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "description", "text": "A buffer over-read vulnerability in the Windows Projected File System enables an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-26184 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26184.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-26184" }, { "cve": "CVE-2026-27906", "notes": [ { "category": "description", "text": "An improper input validation vulnerability in Windows Hello allows an authorized local attacker to bypass a security feature, potentially compromising system security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27906 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27906.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 4.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27906" }, { "cve": "CVE-2026-27907", "cwe": { "id": "CWE-191", "name": "Integer Underflow (Wrap or Wraparound)" }, "notes": [ { "category": "other", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "description", "text": "An integer underflow vulnerability in the Windows Storage Spaces Controller allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27907 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27907.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27907" }, { "cve": "CVE-2026-27908", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows TDI Translation Driver (tdx.sys) allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27908 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27908.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27908" }, { "cve": "CVE-2026-27909", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Microsoft Windows Search Component allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27909 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27909.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27909" }, { "cve": "CVE-2026-27910", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "notes": [ { "category": "other", "text": "Improper Handling of Insufficient Permissions or Privileges ", "title": "CWE-280" }, { "category": "description", "text": "A vulnerability in Windows Installer due to improper handling of insufficient permissions allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27910 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27910.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27910" }, { "cve": "CVE-2026-27911", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows User Interface Core caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27911 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27911.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27911" }, { "cve": "CVE-2026-27912", "notes": [ { "category": "description", "text": "An improper authorization vulnerability in Windows Kerberos enables an authorized attacker to elevate privileges over an adjacent network, potentially compromising system security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27912 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27912.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27912" }, { "cve": "CVE-2026-27913", "notes": [ { "category": "description", "text": "Improper input validation in Windows BitLocker allows a local unauthorized attacker to bypass a security feature, potentially compromising system security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27913 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27913.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 7.7, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27913" }, { "cve": "CVE-2026-27914", "notes": [ { "category": "description", "text": "An improper access control vulnerability in Microsoft Management Console allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27914 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27914.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27914" }, { "cve": "CVE-2026-27915", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27915 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27915.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27915" }, { "cve": "CVE-2026-27916", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27916 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27916.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27916" }, { "cve": "CVE-2026-27917", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27917 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27917.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27917" }, { "cve": "CVE-2026-27918", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows Shell involving improper synchronization of shared resources enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27918 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27918.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27918" }, { "cve": "CVE-2026-27919", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27919 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27919.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27919" }, { "cve": "CVE-2026-27920", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27920 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27920.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27920" }, { "cve": "CVE-2026-27921", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows TCP/IP due to improper synchronization of shared resources allows authorized local attackers to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27921 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27921.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27921" }, { "cve": "CVE-2026-27922", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27922 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27922.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27922" }, { "cve": "CVE-2026-27923", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27923 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27923.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27923" }, { "cve": "CVE-2026-27924", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27924 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27924.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27924" }, { "cve": "CVE-2026-27925", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host allows unauthorized attackers on adjacent networks to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27925 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27925.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27925" }, { "cve": "CVE-2026-27926", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Cloud Files Mini Filter Driver due to improper synchronization of shared resources allows an authorized attacker to locally elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27926 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27926.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27926" }, { "cve": "CVE-2026-27927", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Projected File System caused by improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27927 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27927.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27927" }, { "cve": "CVE-2026-27928", "notes": [ { "category": "description", "text": "Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature remotely over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27928 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27928.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 8.7, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27928" }, { "cve": "CVE-2026-27929", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "other", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "description", "text": "A time-of-check time-of-use (TOCTOU) race condition vulnerability in Windows LUAFV enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27929 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27929.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27929" }, { "cve": "CVE-2026-27930", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Graphics Device Interface (GDI) allows unauthorized local information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27930 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27930.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27930" }, { "cve": "CVE-2026-27931", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Graphics Device Interface (GDI) allows unauthorized local information disclosure.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] }, "references": [ { "category": "self", "summary": "CVE-2026-27931 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27931.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72" ] } ], "title": "CVE-2026-27931" } ] }