Elevation of Privilege Vulnerability in Windows App Installer by Microsoft
CVE-2026-48571

7HIGH

What is CVE-2026-48571?

The Windows App Installer contains a use-after-free vulnerability that allows a local unauthorized attacker to escalate privileges. This type of vulnerability can lead to unauthorized access and potentially allow malicious activities within the affected system. It is essential for users of the Windows App Installer to apply the relevant patches to mitigate this risk.

Affected Version(s)

Windows 11 version 23H2 ARM64-based Systems 10.0.22631.0 < 10.0.22631.7376

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.7376

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.8875

References

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.