Windows Kernel Elevation of Privilege Vulnerability in Microsoft Products
CVE-2026-40369

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 24h2; Windows 11 Version 25h2; Windows 11 Version 26h1; Windows Server 2025
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-40369?

A vulnerability in the Windows Kernel allows an authorized attacker to exploit an untrusted pointer dereference, potentially enabling them to gain higher privileges on the affected system. This could lead to unauthorized access to sensitive data and administrative functionalities. It's critical for users to apply the necessary security patches to safeguard their systems against this threat.

Affected Version(s)

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.8457

Windows 11 Version 25H2 ARM64-based Systems 10.0.26200.0 < 10.0.26200.8457

Windows 11 version 26H1 ARM64-based Systems 10.0.28000.0 < 10.0.28000.2113

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 11, 2026

CVE-2026-40369 Data

JSON