Race Condition in Windows Push Notifications by Microsoft
CVE-2026-42991

7.8HIGH

What is CVE-2026-42991?

A race condition exists in Windows Push Notifications, where improper synchronization of shared resources can be exploited by an attacker who has valid authorization. This flaw enables the attacker to escalate privileges locally, potentially compromising system integrity and security. Users and administrators are advised to apply the latest security updates to mitigate this vulnerability.

Affected Version(s)

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8880

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7417

Windows 10 Version 22H2 32-bit Systems 10.0.19045.0 < 10.0.19045.7417

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.