Integer Underflow Vulnerability in Windows Performance Monitor by Microsoft
CVE-2026-42974

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 23h2; Windows 11 Version 23h2; Windows 11 Version 24h2; Windows 11 Version 25h2
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-42974?

The integer underflow vulnerability in Windows Performance Monitor allows an unauthorized attacker to exploit this weakness, potentially executing arbitrary code over a network. This can lead to unauthorized access and manipulation of system resources, highlighting the need for prompt security measures. Users are advised to apply the latest security patches to mitigate this threat.

Affected Version(s)

Windows 11 version 23H2 ARM64-based Systems 10.0.22631.0 < 10.0.22631.7219

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.7219

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.8655

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42974 Data

JSON