anonhaven
Ad

CVE-2026-26152

HIGH CVSS 3.1: 7.0
Updated Apr 17, 2026
Insecure
Parameter Value
CVSS 7.0 (HIGH)
Type CWE-922
Vendor Insecure
Public PoC No

Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
High
Difficult to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-922

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26152
secure@microsoft.com
Share Post Share Share Share