Windows Kernel Elevation of Privilege Vulnerability in Microsoft Products
CVE-2026-40369

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 24h2; Windows 11 Version 25h2; Windows 11 Version 26h1; Windows Server 2025
Vendor: CVE Published:; 12 May 2026

Badges

🔥 Trending now📈 Trended📈 Score: 4,000👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2026-40369?

CVE-2026-40369 is a critical vulnerability found within the Windows Kernel, which is fundamental to the operation of Microsoft operating systems. This flaw stems from an untrusted pointer dereference, permitting authorized attackers to escalate their privileges locally on affected systems. The implications of this vulnerability are significant, as it could enable malicious actors to perform unauthorized actions, potentially leading to full control over compromised systems. This is particularly concerning for organizations as it undermines the integrity of access controls, allowing attackers to exploit this flaw to execute arbitrary code with elevated privileges, thereby compromising sensitive data and system stability.

Potential impact of CVE-2026-40369

Unauthorized Access to Sensitive Data: Exploitation of this vulnerability may grant attackers elevated access to sensitive information, exposing confidential business data and user credentials.
System Compromise and Malware Deployment: With elevated privileges, attackers can deploy malware or other malicious software, causing further damage to the organization's network infrastructure and potentially spreading to other connected systems.
Disruption of Business Operations: The ability to manipulate system functionalities may lead to operational disruptions, impacting productivity and service delivery, which can have financial repercussions for the organization.

Affected Version(s)

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.8457

Windows 11 Version 25H2 ARM64-based Systems 10.0.26200.0 < 10.0.26200.8457

Windows 11 version 26H1 ARM64-based Systems 10.0.28000.0 < 10.0.28000.2113

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-40369-EXPLOIT
Created by orinimron123

ntoskrnl-metadata
Created by piffd0s

News Articles

It Security News

CVE-2026-40369

Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters - IT Security News

A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process, including a browser renderer sandbox, to increment arbitrary kernel memory and reliably escalate to SYSTEM on Windows 11 24H2–25H2. The bug sits in ntoskrnl.exe inside ExpGetProcessInformation, reachable via a ...

6 days ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by It Security News
May 27, 2026
📈
Vulnerability started trending
May 22, 2026
🟡
Public PoC available
May 14, 2026
👾
Exploit known to exist
May 14, 2026
Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 11, 2026

CVE-2026-40369 Data

JSON