{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Microsoft heeft een groot aantal kwetsbaarheden verholpen in Windows.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot diverse categorieën schade, zoals omschreven in onderstaande tabellen.\n\nTussen deze kwetsbaarheden zitten een zestal zeer ernstige, welke door Microsoft zijn ingeschaald met een CVSS score van 9 en hoger.\nDeze kwetsbaarheden bevinden zich in diverse componenten van Windows die bereikbaar en benaderbaar zijn vanaf netwerkverbindingen, zoals http.sys, DHCP, de Kernel en TCP/IP. Door de externe bereikbaarheid en de mogelijkheden tot uitvoer van willekeurige code, is het risico op grootschalig misbruik op korte termijn aanwezig. Op dit moment wordt (nog) geen actief misbruik waargenomen en is (nog) geen publieke Proof-of-Concept (PoC) of exploit bekend, maar het NCSC verwacht deze wel op korte termijn en adviseert daarom deze updates met spoed in te zetten.\n\n```\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42904 | 9.60 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42915 | 5.70 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows BitLocker: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45655 | 5.30 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-45658 | 7.80 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50507 | 6.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45595 | 5.40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44803 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-44812 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Push Notifications: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42969 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42971 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42970 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42973 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42978 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42977 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42979 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42991 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41108 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Port Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45640 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34335 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45601 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45598 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45596 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45638 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45603 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42911 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nFunction Discovery Service (fdwsd.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42836 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-10263 | 9.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45657 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-48583 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45653 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42984 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45588 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48568 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48570 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48573 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48575 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48576 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48578 | 7.90 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45654 | 7.90 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47289 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-47653 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-47654 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-48563 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42909 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42913 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42992 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-44799 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-44801 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42985 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-42993 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft UxTheme Library (uxtheme.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45606 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45600 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45608 | 6.80 | Toegang tot gevoelige gegevens | \n| CVE-2026-44815 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nUniversal Plug and Play (upnp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45599 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-45635 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45605 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows UEFI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45656 | 7.80 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-8863 | 7.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Hotpatch Monitoring Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42910 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Azure Attestation service and Device Health Attestation Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33828 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45642 | 3.90 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows RDP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45639 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42908 | 7.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWinlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42989 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Collaborative Translation Framework: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45586 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47288 | 7.10 | Uitvoeren van willekeurige code | \n| CVE-2026-42903 | 6.50 | Denial-of-Service | \n| CVE-2026-42914 | 5.30 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44810 | 8.40 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45636 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Universal Disk Format File System Driver (UDFS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40409 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40404 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42986 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45607 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-47652 | 8.20 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42980 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42916 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44809 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Projected File System Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42828 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42837 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nUI Automation Manager (uiamanager.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45597 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47291 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Kinect: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41092 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SDK: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45593 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Media: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48574 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Performance Monitor: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42981 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-42974 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45594 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-45604 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Administrator Protection: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42829 | 7.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nRole: Windows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45641 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-42972 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Narrator Braille: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48565 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45634 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-45602 | 9.10 | Manipulatie van gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Internet (wininet.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45592 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42987 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nHTTP/2: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49160 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42912 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42968 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Network Controller (NC) Host Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44805 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48566 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-45637 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42905 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44811 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44808 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44807 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42983 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44802 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44814 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-44813 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44804 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Boot Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47656 | 7.90 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Program Compatibility Assistant Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45487 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47648 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42906 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42907 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nActive Directory Domain Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45648 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n```", "title": "Interpretaties" }, { "category": "description", "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", "title": "Oplossingen" }, { "category": "general", "text": "high", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Improper Link Resolution Before File Access ('Link Following')", "title": "CWE-59" }, { "category": "general", "text": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "title": "CWE-77" }, { "category": "general", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "general", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "general", "text": "Incorrect Calculation of Buffer Size", "title": "CWE-131" }, { "category": "general", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "general", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Improper Privilege Management", "title": "CWE-269" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Improper Authentication", "title": "CWE-287" }, { "category": "general", "text": "Authentication Bypass Using an Alternate Path or Channel", "title": "CWE-288" }, { "category": "general", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "general", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "general", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "Untrusted Search Path", "title": "CWE-426" }, { "category": "general", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "general", "text": "Trust Boundary Violation", "title": "CWE-501" }, { "category": "general", "text": "Protection Mechanism Failure", "title": "CWE-693" }, { "category": "general", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "general", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "general", "text": "Use of Uninitialized Resource", "title": "CWE-908" }, { "category": "general", "text": "Reliance on Component That is Not Updateable", "title": "CWE-1329" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "title": "Kwetsbaarheden verholpen in Microsoft Windows", "tracking": { "current_release_date": "2026-06-09T17:44:28.435714Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0181", "initial_release_date": "2026-06-09T17:44:28.435714Z", "revision_history": [ { "date": "2026-06-09T17:44:28.435714Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "Microsoft Windows 11" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "Microsoft Windows 11 Version 26H1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-3" } } ], "category": "product_name", "name": "Microsoft Windows Server 2025" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "Windows 10" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-5" } } ], "category": "product_name", "name": "Windows 10 1803" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-6" } } ], "category": "product_name", "name": "Windows 10 1809" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-7" } } ], "category": "product_name", "name": "Windows 10 1903" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-8" } } ], "category": "product_name", "name": "Windows 10 1909" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-9" } } ], "category": "product_name", "name": "Windows 10 2004" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-10" } } ], "category": "product_name", "name": "Windows 10 20h2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-11" } } ], "category": "product_name", "name": "Windows 10 Version 1607 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-12" } } ], "category": "product_name", "name": "Windows 10 Version 1607 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-13" } } ], "category": "product_name", "name": "Windows 10 Version 1803" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-14" } } ], "category": "product_name", "name": "Windows 10 Version 1803 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-15" } } ], "category": "product_name", "name": "Windows 10 Version 1803 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-16" } } ], "category": "product_name", "name": "Windows 10 Version 1803 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-17" } } ], "category": "product_name", "name": "Windows 10 Version 1809" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-18" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-19" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-20" } } ], "category": "product_name", "name": "Windows 10 Version 1809 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-21" } } ], "category": "product_name", "name": "Windows 10 Version 1903 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-22" } } ], "category": "product_name", "name": "Windows 10 Version 1903 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-23" } } ], "category": "product_name", "name": "Windows 10 Version 1903 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-24" } } ], "category": "product_name", "name": "Windows 10 Version 1909" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-25" } } ], "category": "product_name", "name": "Windows 10 Version 1909 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-26" } } ], "category": "product_name", "name": "Windows 10 Version 1909 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-27" } } ], "category": "product_name", "name": "Windows 10 Version 1909 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-28" } } ], "category": "product_name", "name": "Windows 10 Version 2004" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-29" } } ], "category": "product_name", "name": "Windows 10 Version 2004 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-30" } } ], "category": "product_name", "name": "Windows 10 Version 2004 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-31" } } ], "category": "product_name", "name": "Windows 10 Version 2004 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-32" } } ], "category": "product_name", "name": "Windows 10 Version 20H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-33" } } ], "category": "product_name", "name": "Windows 10 Version 20H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-34" } } ], "category": "product_name", "name": "Windows 10 Version 20H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-35" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-36" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-37" } } ], "category": "product_name", "name": "Windows 10 Version 21H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-38" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-39" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-40" } } ], "category": "product_name", "name": "Windows 10 Version 22H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-41" } } ], "category": "product_name", "name": "Windows 11 Version 23H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-42" } } ], "category": "product_name", "name": "Windows 11 Version 23H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-43" } } ], "category": "product_name", "name": "Windows 11 Version 24H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-44" } } ], "category": "product_name", "name": "Windows 11 Version 24H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-45" } } ], "category": "product_name", "name": "Windows 11 Version 24H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-46" } } ], "category": "product_name", "name": "Windows 11 Version 25H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-47" } } ], "category": "product_name", "name": "Windows 11 Version 25H2 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-48" } } ], "category": "product_name", "name": "Windows 11 Version 25H2 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-49" } } ], "category": "product_name", "name": "Windows 11 Version 26H1 for ARM64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-50" } } ], "category": "product_name", "name": "Windows 11 Version 26H1 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-51" } } ], "category": "product_name", "name": "Windows 11 version 26H1" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-52" } } ], "category": "product_name", "name": "Windows 11 version 26H1 for x64-based Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-53" } } ], "category": "product_name", "name": "Windows Narrator Braille" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-54" } } ], "category": "product_name", "name": "Windows Server" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-55" } } ], "category": "product_name", "name": "Windows Server 1903" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-56" } } ], "category": "product_name", "name": "Windows Server 1909" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-57" } } ], "category": "product_name", "name": "Windows Server 2004" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-58" } } ], "category": "product_name", "name": "Windows Server 2012" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-59" } } ], "category": "product_name", "name": "Windows Server 2012 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-60" } } ], "category": "product_name", "name": "Windows Server 2012 R2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-61" } } ], "category": "product_name", "name": "Windows Server 2012 R2 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-62" } } ], "category": "product_name", "name": "Windows Server 2016" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-63" } } ], "category": "product_name", "name": "Windows Server 2016 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-64" } } ], "category": "product_name", "name": "Windows Server 2019" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-65" } } ], "category": "product_name", "name": "Windows Server 2019 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-66" } } ], "category": "product_name", "name": "Windows Server 2022" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-67" } } ], "category": "product_name", "name": "Windows Server 2022 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-68" } } ], "category": "product_name", "name": "Windows Server 2025" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-69" } } ], "category": "product_name", "name": "Windows Server 2025 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-70" } } ], "category": "product_name", "name": "Windows Server 20H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-71" } } ], "category": "product_name", "name": "Windows Server version 2004" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-72" } } ], "category": "product_name", "name": "Windows Server version 20H2" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-73" } } ], "category": "product_name", "name": "Windows Server, version 1903 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-74" } } ], "category": "product_name", "name": "Windows Server, version 1909 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-75" } } ], "category": "product_name", "name": "Windows Server, version 2004 (Server Core installation)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-76" } } ], "category": "product_name", "name": "Windows Server, version 20H2 (Server Core Installation)" } ], "category": "vendor", "name": "Microsoft" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-10263", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "Certain Arm processors and cores, including C1-Ultra, C1-Premium, Neoverse models, and Cortex-X and Cortex-A series, may allow writes to resources owned by a higher exception level, potentially impacting system security.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2025-10263 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-10263.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2025-10263" }, { "cve": "CVE-2026-33828", "cwe": { "id": "CWE-501", "name": "Trust Boundary Violation" }, "notes": [ { "category": "other", "text": "Trust Boundary Violation", "title": "CWE-501" }, { "category": "description", "text": "A trust boundary violation in Windows Attestation allows an authorized local attacker to elevate privileges, potentially compromising system security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-33828 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33828.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-33828" }, { "cve": "CVE-2026-34335", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-34335 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34335.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-34335" }, { "cve": "CVE-2026-40404", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "description", "text": "The Windows Universal Disk Format File System Driver (UDFS) contains an elevation of privilege vulnerability that could enable attackers to gain higher system privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40404 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40404.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-40404" }, { "cve": "CVE-2026-40409", "cwe": { "id": "CWE-197", "name": "Numeric Truncation Error" }, "notes": [ { "category": "other", "text": "Numeric Truncation Error", "title": "CWE-197" }, { "category": "description", "text": "The Windows Universal Disk Format File System Driver (UDFS) contains an elevation of privilege vulnerability that could enable attackers to gain higher system privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-40409 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40409.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-40409" }, { "cve": "CVE-2026-41092", "notes": [ { "category": "description", "text": "An improper access control vulnerability in Microsoft Kinect allows an authorized local attacker to elevate their privileges, potentially compromising system security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41092 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41092.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-41092" }, { "cve": "CVE-2026-41108", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Microsoft Windows DNS allows an authorized local attacker to escalate privileges by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-41108 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41108.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-41108" }, { "cve": "CVE-2026-42828", "cwe": { "id": "CWE-126", "name": "Buffer Over-read" }, "notes": [ { "category": "other", "text": "Buffer Over-read", "title": "CWE-126" }, { "category": "description", "text": "A buffer over-read vulnerability in the Windows Projected File System Filter Driver allows an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42828 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42828.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42828" }, { "cve": "CVE-2026-42829", "notes": [ { "category": "description", "text": "An improper access control vulnerability in Windows Administrator Protection allows a local authorized attacker to bypass a security feature, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42829 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42829.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42829" }, { "cve": "CVE-2026-42836", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in the Function Discovery Service (fdwsd.dll) caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42836 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42836.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42836" }, { "cve": "CVE-2026-42837", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "A buffer over-read vulnerability in the Windows Projected File System Filter Driver allows an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42837 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42837.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42837" }, { "cve": "CVE-2026-42903", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "description", "text": "A null pointer dereference vulnerability in Windows Kerberos allows an authorized attacker to cause a denial of service over a network, impacting system availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42903 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42903.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42903" }, { "cve": "CVE-2026-42904", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows TCP/IP allows an attacker on an adjacent network to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42904 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42904.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42904" }, { "cve": "CVE-2026-42905", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42905 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42905.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42905" }, { "cve": "CVE-2026-42906", "notes": [ { "category": "description", "text": "A vulnerability in Windows Shell allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42906 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42906.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42906" }, { "cve": "CVE-2026-42907", "notes": [ { "category": "description", "text": "A vulnerability in Windows Shell allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42907 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42907.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42907" }, { "cve": "CVE-2026-42908", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42908 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42908.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42908" }, { "cve": "CVE-2026-42909", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42909 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42909.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42909" }, { "cve": "CVE-2026-42910", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "other", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "description", "text": "An out-of-bounds write vulnerability in the Windows Hotpatch Monitoring Service allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42910 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42910.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42910" }, { "cve": "CVE-2026-42911", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42911 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42911.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42911" }, { "cve": "CVE-2026-42912", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in the Windows Telephony Service caused by improper synchronization of shared resources enables a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42912 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42912.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42912" }, { "cve": "CVE-2026-42913", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42913 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42913.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42913" }, { "cve": "CVE-2026-42914", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "The document details a vulnerability in Windows Kerberos that can be exploited to cause a denial of service, impacting authentication services.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42914 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42914.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42914" }, { "cve": "CVE-2026-42915", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "other", "text": "Incorrect Calculation of Buffer Size", "title": "CWE-131" }, { "category": "description", "text": "A buffer size miscalculation in Windows TCP/IP stack allows an authorized attacker to cause a denial of service on a nearby network by exploiting network communication vulnerabilities.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42915 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42915.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42915" }, { "cve": "CVE-2026-42916", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer underflow vulnerability in the Windows NT OS Kernel allows an authorized local attacker to escalate privileges by exploiting improper handling of integer operations.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42916 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42916.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42916" }, { "cve": "CVE-2026-42968", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Telephony Service allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42968 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42968.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42968" }, { "cve": "CVE-2026-42969", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "other", "text": "Use of Uninitialized Resource", "title": "CWE-908" }, { "category": "description", "text": "An uninitialized resource vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42969 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42969.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42969" }, { "cve": "CVE-2026-42970", "notes": [ { "category": "description", "text": "An uninitialized resource vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42970 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42970.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42970" }, { "cve": "CVE-2026-42971", "notes": [ { "category": "description", "text": "An uninitialized resource vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42971 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42971.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42971" }, { "cve": "CVE-2026-42972", "notes": [ { "category": "description", "text": "A vulnerability in Windows Hyper-V allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42972 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42972.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42972" }, { "cve": "CVE-2026-42973", "notes": [ { "category": "description", "text": "An uninitialized resource vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42973 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42973.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42973" }, { "cve": "CVE-2026-42974", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer underflow vulnerability in Windows Performance Monitor allows remote attackers to execute code without authorization over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42974 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42974.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42974" }, { "cve": "CVE-2026-42977", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in Windows Push Notifications caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42977 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42977.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42977" }, { "cve": "CVE-2026-42978", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42978 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42978.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42978" }, { "cve": "CVE-2026-42979", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42979 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42979.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42979" }, { "cve": "CVE-2026-42980", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "description", "text": "An integer underflow vulnerability in the Windows NT OS Kernel allows an authorized local attacker to escalate privileges by exploiting improper handling of integer operations.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42980 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42980.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42980" }, { "cve": "CVE-2026-42981", "cwe": { "id": "CWE-191", "name": "Integer Underflow (Wrap or Wraparound)" }, "notes": [ { "category": "other", "text": "Integer Underflow (Wrap or Wraparound)", "title": "CWE-191" }, { "category": "description", "text": "An integer underflow vulnerability in Windows Performance Monitor allows remote attackers to execute code without authorization over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42981 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42981.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42981" }, { "cve": "CVE-2026-42983", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42983 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42983.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42983" }, { "cve": "CVE-2026-42984", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting memory management flaws.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42984 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42984.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42984" }, { "cve": "CVE-2026-42985", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42985 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42985.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42985" }, { "cve": "CVE-2026-42986", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Microsoft Graphics Component allows an authorized local attacker to elevate privileges by exploiting memory management flaws.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42986 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42986.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42986" }, { "cve": "CVE-2026-42987", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Windows Deployment Services allows remote attackers to execute arbitrary code over a network, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42987 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42987.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42987" }, { "cve": "CVE-2026-42989", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access ('Link Following')" }, "notes": [ { "category": "other", "text": "Improper Link Resolution Before File Access ('Link Following')", "title": "CWE-59" }, { "category": "description", "text": "An improper link resolution vulnerability in Winlogon before file access allows an authorized local attacker to elevate privileges by exploiting the way symbolic links are handled.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42989 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42989.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42989" }, { "cve": "CVE-2026-42991", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A race condition in Windows Push Notifications caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42991 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42991.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42991" }, { "cve": "CVE-2026-42992", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42992 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42992.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42992" }, { "cve": "CVE-2026-42993", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-42993 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42993.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-42993" }, { "cve": "CVE-2026-44799", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44799 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44799.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44799" }, { "cve": "CVE-2026-44801", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44801 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44801.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44801" }, { "cve": "CVE-2026-44802", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44802 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44802.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44802" }, { "cve": "CVE-2026-44803", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer overflow vulnerability in the Windows Win32K GRFX component allows an attacker to execute unauthorized local code by exploiting improper handling of integer operations.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44803 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44803.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44803" }, { "cve": "CVE-2026-44804", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44804 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44804.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44804" }, { "cve": "CVE-2026-44805", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "other", "text": "Untrusted Pointer Dereference", "title": "CWE-822" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Network Controller Host Agent allows an authorized attacker to trigger a local denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44805 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44805.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44805" }, { "cve": "CVE-2026-44807", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44807 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44807.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44807" }, { "cve": "CVE-2026-44808", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44808 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44808.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44808" }, { "cve": "CVE-2026-44809", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Common Log File System Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44809 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44809.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44809" }, { "cve": "CVE-2026-44810", "notes": [ { "category": "description", "text": "An improper authentication vulnerability in Windows Cryptographic Services allows unauthorized local users to escalate privileges, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44810 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44810.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44810" }, { "cve": "CVE-2026-44811", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44811 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44811.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44811" }, { "cve": "CVE-2026-44812", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer overflow vulnerability in the Windows Win32K GRFX component allows an attacker to execute unauthorized local code by exploiting improper handling of integer operations.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44812 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44812.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44812" }, { "cve": "CVE-2026-44813", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44813 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44813.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44813" }, { "cve": "CVE-2026-44814", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44814 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44814.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44814" }, { "cve": "CVE-2026-44815", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "description", "text": "A stack-based buffer overflow vulnerability in the Windows DHCP Client allows remote attackers to execute arbitrary code over a network, posing a critical security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-44815 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44815.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-44815" }, { "cve": "CVE-2026-45487", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "other", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "description", "text": "A TOCTOU race condition vulnerability in the Program Compatibility Assistant Service allows an authorized local attacker to escalate privileges by exploiting timing discrepancies during resource access.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45487 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45487.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45487" }, { "cve": "CVE-2026-45586", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access ('Link Following')" }, "notes": [ { "category": "other", "text": "Improper Link Resolution Before File Access ('Link Following')", "title": "CWE-59" }, { "category": "description", "text": "An authorized local attacker can escalate privileges due to improper link resolution before file access in the Windows Collaborative Translation Framework.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45586 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45586.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45586" }, { "cve": "CVE-2026-45588", "notes": [ { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45588 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45588.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45588" }, { "cve": "CVE-2026-45592", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "An integer overflow vulnerability in the Windows Internet (wininet.dll) component allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45592 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45592.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45592" }, { "cve": "CVE-2026-45593", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows SDK allows an authorized local attacker to elevate privileges by exploiting improper memory handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45593 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45593.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45593" }, { "cve": "CVE-2026-45594", "notes": [ { "category": "description", "text": "A vulnerability in the Windows Application Identity (AppID) Subsystem allows an authorized attacker to locally disclose sensitive information, potentially impacting system confidentiality.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45594 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45594.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45594" }, { "cve": "CVE-2026-45595", "notes": [ { "category": "description", "text": "A vulnerability in the Windows Mark of the Web (MOTW) security feature allows unauthorized attackers to bypass security controls remotely over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45595 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45595.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45595" }, { "cve": "CVE-2026-45596", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45596 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45596.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45596" }, { "cve": "CVE-2026-45597", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A race condition in UI Automation Manager (uiamanager.dll) caused by improper synchronization of shared resources enables a local authorized attacker to elevate privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45597 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45597.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45597" }, { "cve": "CVE-2026-45598", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45598 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45598.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45598" }, { "cve": "CVE-2026-45599", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in Universal Plug and Play (upnp.dll) allows remote attackers to execute arbitrary code over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45599 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45599.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45599" }, { "cve": "CVE-2026-45600", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "A type confusion vulnerability in Windows Kernel-Mode Drivers allows an authorized local attacker to elevate privileges by exploiting improper type handling within the kernel.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45600 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45600.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45600" }, { "cve": "CVE-2026-45601", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45601 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45601.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45601" }, { "cve": "CVE-2026-45602", "notes": [ { "category": "description", "text": "A vulnerability in Windows DHCP Server allows unauthorized attackers to interfere with network operations, though it lacks a specific CWE classification.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45602 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45602.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45602" }, { "cve": "CVE-2026-45603", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "other", "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "title": "CWE-362" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45603 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45603.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45603" }, { "cve": "CVE-2026-45604", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Application Identity (AppID) Subsystem allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45604 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45604.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45604" }, { "cve": "CVE-2026-45605", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Bluetooth Service allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45605 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45605.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45605" }, { "cve": "CVE-2026-45606", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Microsoft UxTheme Library (uxtheme.dll) allows an authorized local attacker to trigger a denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45606 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45606.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45606" }, { "cve": "CVE-2026-45607", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Microsoft Windows Hyper-V allows an attacker with local access to execute unauthorized code, potentially compromising the host system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45607 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45607.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45607" }, { "cve": "CVE-2026-45608", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows DHCP Server allows an authorized local attacker to disclose sensitive information from memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45608 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45608.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45608" }, { "cve": "CVE-2026-45634", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows DHCP Server allows an authorized local attacker to disclose sensitive information from memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45634 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45634.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45634" }, { "cve": "CVE-2026-45635", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "A use-after-free vulnerability in Universal Plug and Play (upnp.dll) allows remote attackers to execute arbitrary code over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45635 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45635.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45635" }, { "cve": "CVE-2026-45636", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45636 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45636.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45636" }, { "cve": "CVE-2026-45637", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45637 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45637.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45637" }, { "cve": "CVE-2026-45638", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45638 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45638.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45638" }, { "cve": "CVE-2026-45639", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45639 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45639.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45639" }, { "cve": "CVE-2026-45640", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Bluetooth Port Driver allows an authorized local attacker to elevate privileges on affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45640 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45640.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45640" }, { "cve": "CVE-2026-45641", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type ('Type Confusion')", "title": "CWE-843" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Microsoft Windows Hyper-V allows an attacker with local access to execute unauthorized code, potentially compromising the host system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45641 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45641.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45641" }, { "cve": "CVE-2026-45642", "notes": [ { "category": "description", "text": "Improper input validation in Microsoft Azure Attestation and Device Health Attestation services allows authorized attackers to perform spoofing attacks via physical means.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45642 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45642.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "baseScore": 3.9, "baseSeverity": "LOW" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45642" }, { "cve": "CVE-2026-45648", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "description", "text": "A stack-based buffer overflow vulnerability in Active Directory Domain Services allows an authorized attacker to remotely execute code over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45648 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45648.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45648" }, { "cve": "CVE-2026-45653", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting memory management flaws.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45653 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45653.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45653" }, { "cve": "CVE-2026-45654", "notes": [ { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45654 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45654.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45654" }, { "cve": "CVE-2026-45655", "notes": [ { "category": "description", "text": "A vulnerability in Windows BitLocker allows an attacker with physical access to bypass its encryption protection mechanism, potentially compromising data security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45655 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45655.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45655" }, { "cve": "CVE-2026-45656", "notes": [ { "category": "description", "text": "A failure in Windows UEFI protection mechanisms allows an authorized local attacker to bypass security features, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45656 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45656.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45656" }, { "cve": "CVE-2026-45657", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Kernel allows remote attackers to execute arbitrary code over a network, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45657 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45657.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45657" }, { "cve": "CVE-2026-45658", "notes": [ { "category": "description", "text": "A vulnerability in Windows BitLocker allows an attacker with physical access to bypass its encryption protection mechanism, potentially compromising data security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-45658 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45658.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-45658" }, { "cve": "CVE-2026-47288", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer overflow vulnerability in Windows Kerberos allows an authorized attacker to execute arbitrary code on a nearby network, posing a significant security risk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47288 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47288.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47288" }, { "cve": "CVE-2026-47289", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47289 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47289.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47289" }, { "cve": "CVE-2026-47291", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "description", "text": "An integer overflow vulnerability in the Windows HTTP.sys component allows unauthorized remote code execution, posing a critical security risk to affected systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47291 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47291.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47291" }, { "cve": "CVE-2026-47648", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "notes": [ { "category": "other", "text": "Untrusted Search Path", "title": "CWE-426" }, { "category": "description", "text": "An untrusted search path vulnerability in Windows Storage allows an authorized local attacker to elevate privileges by exploiting improper path handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47648 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47648.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47648" }, { "cve": "CVE-2026-47652", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "An out-of-bounds read vulnerability in Microsoft Windows Hyper-V allows an attacker with local access to execute unauthorized code, potentially compromising the host system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47652 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47652.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47652" }, { "cve": "CVE-2026-47653", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47653 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47653.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47653" }, { "cve": "CVE-2026-47654", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47654 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47654.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47654" }, { "cve": "CVE-2026-47656", "notes": [ { "category": "description", "text": "A protection mechanism failure in Windows Boot Manager allows an authorized local attacker to bypass a security feature, potentially compromising system integrity during the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47656 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47656.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-47656" }, { "cve": "CVE-2026-48563", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48563 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48563.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48563" }, { "cve": "CVE-2026-48565", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "notes": [ { "category": "other", "text": "Untrusted Search Path", "title": "CWE-426" }, { "category": "description", "text": "An untrusted search path vulnerability in Windows Narrator Braille allows an authorized local attacker to elevate privileges by exploiting improper path handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48565 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48565.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48565" }, { "cve": "CVE-2026-48566", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "description", "text": "An out-of-bounds read vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to disclose sensitive information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48566 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48566.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48566" }, { "cve": "CVE-2026-48568", "notes": [ { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48568 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48568.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48568" }, { "cve": "CVE-2026-48570", "notes": [ { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48570 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48570.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48570" }, { "cve": "CVE-2026-48573", "cwe": { "id": "CWE-1329", "name": "Reliance on Component That is Not Updateable" }, "notes": [ { "category": "other", "text": "Reliance on Component That is Not Updateable", "title": "CWE-1329" }, { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48573 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48573.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48573" }, { "cve": "CVE-2026-48574", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "description", "text": "A heap-based buffer overflow vulnerability in Windows Media allows an attacker to execute unauthorized local code by exploiting memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48574 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48574.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48574" }, { "cve": "CVE-2026-48575", "notes": [ { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48575 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48575.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48575" }, { "cve": "CVE-2026-48576", "cwe": { "id": "CWE-1329", "name": "Reliance on Component That is Not Updateable" }, "notes": [ { "category": "other", "text": "Reliance on Component That is Not Updateable", "title": "CWE-1329" }, { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48576 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48576.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48576" }, { "cve": "CVE-2026-48578", "notes": [ { "category": "description", "text": "A vulnerability in Windows Secure Boot allows a local authorized attacker to bypass its security mechanism, compromising the integrity of the boot process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48578 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48578.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48578" }, { "cve": "CVE-2026-48583", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" }, { "category": "description", "text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting memory management flaws.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-48583 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48583.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-48583" }, { "cve": "CVE-2026-49160", "notes": [ { "category": "description", "text": "Uncontrolled resource consumption in HTTP/2 protocol can be exploited by unauthorized attackers to cause denial of service attacks over a network, impacting service availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-49160 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49160.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-49160" }, { "cve": "CVE-2026-50507", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "other", "text": "Missing Authentication for Critical Function", "title": "CWE-306" }, { "category": "description", "text": "A vulnerability in Windows BitLocker allows an attacker with physical access to bypass its encryption protection mechanism, potentially compromising data security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-50507 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50507.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] } ], "title": "CVE-2026-50507" }, { "cve": "CVE-2026-8863", "notes": [ { "category": "description", "text": "A failure in Windows UEFI protection mechanisms allows an authorized local attacker to bypass security features, potentially compromising system integrity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14", "CSAFPID-15", "CSAFPID-16", "CSAFPID-17", "CSAFPID-18", "CSAFPID-19", "CSAFPID-20", "CSAFPID-21", "CSAFPID-22", "CSAFPID-23", "CSAFPID-24", "CSAFPID-25", "CSAFPID-26", "CSAFPID-27", "CSAFPID-28", "CSAFPID-29", "CSAFPID-30", "CSAFPID-31", "CSAFPID-32", "CSAFPID-33", "CSAFPID-34", "CSAFPID-35", "CSAFPID-36", "CSAFPID-37", "CSAFPID-38", "CSAFPID-39", "CSAFPID-40", "CSAFPID-41", "CSAFPID-42", "CSAFPID-43", "CSAFPID-44", "CSAFPID-45", "CSAFPID-46", "CSAFPID-47", "CSAFPID-48", "CSAFPID-49", "CSAFPID-50", "CSAFPID-51", "CSAFPID-52", "CSAFPID-53", "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76" ] }, "references": [ { "category": "self", "summary": "CVE-2026-8863 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8863.json" } ], "title": "CVE-2026-8863" } ] }