{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Microsoft heeft kwetsbaarheden verholpen in Windows.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40405 | 7.50 | Denial-of-Service | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-40414 | 7.40 | Denial-of-Service | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40401 | 6.20 | Denial-of-Service | \n| CVE-2026-40413 | 7.40 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\n```", "title": "Interpretaties" }, { "category": "description", "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "External Control of File Name or Path", "title": "CWE-73" }, { "category": "general", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "general", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "general", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "general", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Authentication Bypass Using an Alternate Path or Channel", "title": "CWE-288" }, { "category": "general", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "general", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "Missing Release of Memory after Effective Lifetime", "title": "CWE-401" }, { "category": "general", "text": "Double Free", "title": "CWE-415" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "general", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "general", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "Reliance on Component That is Not Updateable", "title": "CWE-1329" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "title": "Kwetsbaarheden verholpen in Microsoft Windows", "tracking": { "current_release_date": "2026-05-12T17:52:42.410761Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0141", "initial_release_date": "2026-05-12T17:52:42.410761Z", "revision_history": [ { "date": "2026-05-12T17:52:42.410761Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "Windows 10 Version 1607 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "Windows 10 Version 1607 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-3" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-5" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-6" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-7" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-8" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-9" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-10" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-11" } } ], "category": "product_name", "name": "Windows 11 Version 23H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-12" } } ], "category": "product_name", "name": "Windows 11 Version 23H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-13" } } ], "category": "product_name", "name": "Windows 11 Version 24H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-14" } } ], "category": "product_name", "name": "Windows 11 Version 24H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-15" } } ], "category": "product_name", "name": "Windows 11 Version 25H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-16" } } ], "category": "product_name", "name": "Windows 11 Version 25H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-17" } } ], "category": "product_name", "name": "Windows 11 Version 26H1 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-18" } } ], "category": "product_name", "name": "Windows 11 Version 26H1 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-19" } } ], "category": "product_name", "name": "Windows 11 version 26H1 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-20" } } ], "category": "product_name", "name": "Windows Admin Center" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-21" } } ], "category": "product_name", "name": "Windows Server 2012" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-22" } } ], "category": "product_name", "name": "Windows Server 2012 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-23" } } ], "category": "product_name", "name": "Windows Server 2012 R2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-24" } } ], "category": "product_name", "name": "Windows Server 2012 R2 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-25" } } ], "category": "product_name", "name": "Windows Server 2016" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-26" } } ], "category": "product_name", "name": "Windows Server 2016 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-27" } } ], "category": "product_name", "name": "Windows Server 2019" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-28" } } ], "category": "product_name", "name": "Windows Server 2019 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-29" } } ], "category": "product_name", "name": "Windows Server 2022" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-30" } } ], "category": "product_name", "name": "Windows Server 2022 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-31" } } ], "category": "product_name", "name": "Windows Server 2022, 23H2 Edition (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-32" } } ], "category": "product_name", "name": "Windows Server 2025" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-33" } } ], "category": "product_name", "name": "Windows Server 2025 (Server Core installation)" } ], "category": "vendor", "name": "Microsoft" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-34342", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows Print Spooler Components caused by improper synchronization enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34342 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34342.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34342" }, { "cve": "CVE-2026-34343", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Application Identity (AppID) Subsystem allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34343 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34343.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34343" }, { "cve": "CVE-2026-34344", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "A type confusion vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34344 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34344.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34344" }, { "cve": "CVE-2026-34345", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges due to improper synchronization of shared resources.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34345 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34345.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34345" }, { "cve": "CVE-2026-34347", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Win32K GRFX component allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34347 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34347.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34347" }, { "cve": "CVE-2026-34351", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows TCP/IP due to improper synchronization of shared resources allows authorized local attackers to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34351 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34351.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34351" }, { "cve": "CVE-2026-35415", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer overflow vulnerability in the Windows Storage Spaces Controller allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35415 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35415.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35415" }, { "cve": "CVE-2026-35416", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35416 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35416.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35416" }, { "cve": "CVE-2026-35417", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "A type confusion vulnerability in Windows Win32K - ICOMP allows an authorized local attacker to elevate privileges by accessing resources with incompatible types.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35417 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35417.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35417" }, { "cve": "CVE-2026-35418", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "other", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35418 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35418.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35418" }, { "cve": "CVE-2026-35421", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Graphics Device Interface (GDI) enables unauthorized local attackers to execute arbitrary code.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35421 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35421.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35421" }, { "cve": "CVE-2026-35422", "cwe": { "id": "CWE-288", "name": "Authentication Bypass Using an Alternate Path or Channel" }, "notes": [ { "category": "other", "text": "Authentication Bypass Using an Alternate Path or Channel", "title": "CWE-288" }, { "category": "description", "text": "An authentication bypass vulnerability in Windows TCP/IP allows an authorized attacker to circumvent security features by exploiting an alternate path or channel over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35422 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35422.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35422" }, { "cve": "CVE-2026-35423", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Telnet Client allows unauthorized attackers to disclose sensitive information over a network, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35423 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35423.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35423" }, { "cve": "CVE-2026-35424", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "other", "text": "Missing Release of Memory after Effective Lifetime", "title": "CWE-401" }, { "category": "description", "text": "A memory release flaw after the effective lifetime in the Windows Internet Key Exchange (IKE) Protocol allows unauthorized attackers to cause network denial of service.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35424 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35424.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35424" }, { "cve": "CVE-2026-40377", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows Cryptographic Services enables an authorized local attacker to elevate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40377 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40377.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40377" }, { "cve": "CVE-2026-40380", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "other", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Volume Manager Extension Driver enables an authorized attacker with physical access to execute arbitrary code.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40380 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40380.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 6.2, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40380" }, { "cve": "CVE-2026-40399", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "description", "text": "A stack-based buffer overflow vulnerability in Windows TCP/IP allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40399 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40399.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40399" }, { "cve": "CVE-2026-40406", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows TCP/IP stack allows unauthorized attackers to disclose sensitive information over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40406 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40406.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40406" }, { "cve": "CVE-2026-40407", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Common Log File System Driver enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40407 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40407.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40407" }, { "cve": "CVE-2026-40408", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Kernel-Mode Drivers allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40408 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40408.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40408" }, { "cve": "CVE-2026-40410", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use after free vulnerability in the Windows SMB Client allows an authorized attacker to locally elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40410 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40410.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40410" }, { "cve": "CVE-2026-40415", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows TCP/IP stack allows unauthorized remote attackers to execute arbitrary code over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40415 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40415.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40415" }, { "cve": "CVE-2026-32161", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition vulnerability in the Windows Native WiFi Miniport Driver enables unauthorized code execution from an adjacent network, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32161 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32161.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-32161" }, { "cve": "CVE-2026-32170", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Rich Text Edit Control allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32170 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32170.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 6.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-32170" }, { "cve": "CVE-2026-42825", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Telephony Service allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42825 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42825.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-42825" }, { "cve": "CVE-2026-33835", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33835 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33835.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33835" }, { "cve": "CVE-2026-33837", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows TCP/IP allows an authorized local attacker to elevate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33837 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33837.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33837" }, { "cve": "CVE-2026-33838", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in Windows Message Queuing allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33838 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33838.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33838" }, { "cve": "CVE-2026-34334", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows TCP/IP due to improper synchronization of shared resources allows authorized local attackers to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34334 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34334.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34334" }, { "cve": "CVE-2026-34336", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "other", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "description", "text": "A buffer over-read vulnerability in the Windows DWM Core Library allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34336 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34336.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34336" }, { "cve": "CVE-2026-34337", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34337 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34337.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34337" }, { "cve": "CVE-2026-34338", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Telephony Service allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34338 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34338.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34338" }, { "cve": "CVE-2026-34339", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows LDAP allows an authorized attacker to cause a local denial of service, impacting system availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34339 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34339.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34339" }, { "cve": "CVE-2026-34340", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Projected File System allows an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34340 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34340.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34340" }, { "cve": "CVE-2026-34341", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in the Windows Link-Layer Discovery Protocol (LLDP) allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34341 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34341.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34341" }, { "cve": "CVE-2026-40382", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Telephony Service allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40382 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40382.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40382" }, { "cve": "CVE-2026-40397", "cwe": { "id": "CWE-191", "name": "Integer Underflow (Wrap or Wraparound)" }, "notes": [ { "category": "other", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "description", "text": "An integer underflow vulnerability in the Windows Common Log File System Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40397 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40397.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40397" }, { "cve": "CVE-2026-32209", "notes": [ { "category": "description", "text": "An improper access control vulnerability in the Windows Filtering Platform (WFP) allows an authorized local attacker to bypass a security feature.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-32209 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32209.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C", "baseScore": 4.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-32209" }, { "cve": "CVE-2026-40398", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows Remote Desktop enables an authorized local attacker to elevate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40398 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40398.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40398" }, { "cve": "CVE-2026-40403", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Win32K GRFX component allows an authorized local attacker to execute arbitrary code.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40403 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40403.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40403" }, { "cve": "CVE-2026-41097", "cwe": { "id": "CWE-1329", "name": "Reliance on Component That is Not Updateable" }, "notes": [ { "category": "other", "text": "Reliance on Component That is Not Updateable", "title": "CWE-1329" }, { "category": "description", "text": "A non-updateable component in Windows Secure Boot allows a local authorized attacker to bypass a critical security feature, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41097 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41097.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 6.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-41097" }, { "cve": "CVE-2026-40414", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows TCP/IP allows an unauthorized attacker on an adjacent network to cause a denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40414 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40414.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40414" }, { "cve": "CVE-2026-40401", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows TCP/IP stack allows an unauthorized local attacker to cause a denial of service by crashing the system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40401 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40401.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40401" }, { "cve": "CVE-2026-40413", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows TCP/IP allows an unauthorized attacker on an adjacent network to cause a denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40413 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40413.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40413" }, { "cve": "CVE-2026-35420", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Kernel enables an authorized local attacker to elevate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35420 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35420.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35420" }, { "cve": "CVE-2026-41089", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "description", "text": "A stack-based buffer overflow vulnerability in Windows Netlogon enables unauthorized remote code execution over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41089 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41089.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-41089" }, { "cve": "CVE-2026-41095", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use after free vulnerability in Data Deduplication allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41095 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41095.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-41095" }, { "cve": "CVE-2026-33841", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Windows Kernel enables an authorized local attacker to elevate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33841 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33841.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33841" }, { "cve": "CVE-2026-41088", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "notes": [ { "category": "other", "text": "External Control of File Name or Path", "title": "CWE-73" }, { "category": "description", "text": "A vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges by externally controlling file names or paths.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41088 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41088.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-41088" }, { "cve": "CVE-2026-40402", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Hyper-V allows an unauthorized local attacker to elevate privileges within the affected system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40402 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40402.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40402" }, { "cve": "CVE-2026-33840", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Win32K ICOMP component enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33840 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33840.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33840" }, { "cve": "CVE-2026-34350", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in the Windows Storport Miniport Driver enables unauthorized attackers to cause a denial of service over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34350 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34350.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34350" }, { "cve": "CVE-2026-35419", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows DWM Core Library allows an authorized local attacker to disclose sensitive information by reading memory beyond intended boundaries.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35419 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35419.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35419" }, { "cve": "CVE-2026-40405", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows TCP/IP allows an unauthorized attacker to cause a denial of service over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40405 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40405.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40405" }, { "cve": "CVE-2026-41096", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Microsoft Windows DNS allows unauthorized remote code execution over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41096 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41096.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-41096" }, { "cve": "CVE-2026-42896", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer overflow vulnerability in the Windows DWM Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42896 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42896.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-42896" }, { "cve": "CVE-2026-34332", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Kernel-Mode Drivers allows an authorized attacker to remotely execute code over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34332 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34332.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34332" }, { "cve": "CVE-2026-40369", "cwe": { "id": "CWE-822", "name": "Untrusted Pointer Dereference" }, "notes": [ { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "An untrusted pointer dereference vulnerability in the Windows Kernel enables an authorized attacker to locally elevate privileges by exploiting improper pointer validation.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40369 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40369.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-40369" }, { "cve": "CVE-2026-35438", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "description", "text": "A missing authorization vulnerability in Windows Admin Center enables an authorized attacker to elevate privileges remotely over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35438 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35438.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-35438" }, { "cve": "CVE-2026-21530", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "other", "text": "Double Free", "title": "CWE-415" }, { "category": "description", "text": "A double free vulnerability in Windows Rich Text Edit allows an authorized local attacker to elevate privileges by exploiting improper memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-21530 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21530.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 6.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-21530" }, { "cve": "CVE-2026-33834", "notes": [ { "category": "description", "text": "An improper access control vulnerability in the Windows Event Logging Service allows an authorized local attacker to elevate their privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33834 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33834.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33834" }, { "cve": "CVE-2026-33839", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows Win32K GRFX component caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33839 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33839.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-33839" }, { "cve": "CVE-2026-34329", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows Message Queuing enables unauthorized attackers to execute arbitrary code over an adjacent network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34329 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34329.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34329" }, { "cve": "CVE-2026-34330", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "An integer overflow or wraparound vulnerability in the Windows Win32K GRFX component allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34330 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34330.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34330" }, { "cve": "CVE-2026-34331", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Windows Win32K GRFX component caused by improper synchronization of shared resources allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34331 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34331.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34331" }, { "cve": "CVE-2026-34333", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Win32K GRFX component allows an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34333 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34333.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33" ] } ], "title": "CVE-2026-34333" } ] }