Integer Overflow Vulnerability in Windows HTTP.sys by Microsoft
CVE-2026-47291
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 9 June 2026
Badges
What is CVE-2026-47291?
CVE-2026-47291 is a critical integer overflow vulnerability located in the Windows HTTP.sys component, a part of Microsoftβs operating system stack that handles HTTP requests and responses. This vulnerability occurs when the application incorrectly handles integer values, leading to conditions that may allow an unauthorized attacker to execute arbitrary code remotely over a network. The severity of this flaw arises from its potential to compromise systems that rely on the HTTP.sys driver for network communication, opening avenues for attackers to bypass security and gain control over sensitive environments.
The implications of this vulnerability extend to numerous organizations employing Microsoft Windows servers, especially those relying on web services and applications that utilize the HTTP.sys component. If successfully exploited, this vulnerability could lead to unauthorized access, data manipulation, or even complete system compromise, significantly threatening the integrity and confidentiality of organizational data.
Potential impact of CVE-2026-47291
-
Remote Code Execution: The vulnerability enables unauthorized attackers to execute arbitrary code on affected systems, allowing for potentially full control over the compromised environment. This can facilitate a wide range of malicious activities, including data theft and the deployment of further exploitation tools.
-
Service Disruption: Exploiting this flaw could lead to service outages or disruptions in web-based applications and services, which can adversely affect business operations, customer trust, and overall service delivery.
-
Increased Malware Propagation: Given the nature of the vulnerability, it may allow for the installation of malware, including ransomware, on affected systems. This can lead to cascading security incidents that threaten data integrity and operational continuity, as well as increased recovery costs and reputational damage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9234
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8880
Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7417
News Articles
References
EPSS Score
21% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π
Vulnerability started trending
- πΎ
Exploit known to exist
- π°
First article discovered by Dark Reading
Vulnerability published
Vulnerability Reserved