Windows TCP/IP Denial of Service Vulnerability in Microsoft Software
CVE-2026-40414

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1607; Windows 10 Version 1809; Windows 10 Version 21h2; Windows 10 Version 22h2
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-40414?

A null pointer dereference vulnerability in the Windows TCP/IP stack allows unauthorized attackers to exploit the system by causing a denial of service. This vulnerability enables attackers to disrupt communications and hinder service availability across adjacent networks, posing significant risks to organizational operations and network integrity.

Affected Version(s)

Windows 10 Version 1607 x64-based Systems 10.0.14393.0 < 10.0.14393.9140

Windows 10 Version 1809 x64-based Systems 10.0.17763.0 < 10.0.17763.8755

Windows 10 Version 21H2 x64-based Systems 10.0.19044.0 < 10.0.19044.7291

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 13, 2026

CVE-2026-40414 Data

JSON