Race Condition in Windows Push Notifications Affects Microsoft Products
CVE-2026-44800

7.8HIGH

What is CVE-2026-44800?

A race condition vulnerability in Windows Push Notifications can be exploited by attackers to achieve local privilege escalation. This flaw arises from improper synchronization when multiple processes access shared resources concurrently. If successfully exploited, this vulnerability could allow an unauthorized user to gain elevated privileges, thereby posing significant security risks to affected systems. Organizations are advised to apply the latest patches offered by Microsoft to mitigate the impact of this vulnerability.

Affected Version(s)

Windows 11 version 23H2 ARM64-based Systems 10.0.22631.0 < 10.0.22631.7376

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.7376

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.8875

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.