Race Condition Vulnerability in Windows App Installer by Microsoft
CVE-2026-48572

7HIGH

What is CVE-2026-48572?

A race condition vulnerability exists in Windows App Installer that allows an authorized attacker to manipulate concurrently executed processes using a shared resource. This flaw can be exploited to elevate privileges locally, potentially enabling access to unauthorized functions or data. Prompt action is recommended to mitigate this issue.

Affected Version(s)

Windows 11 version 23H2 ARM64-based Systems 10.0.22631.0 < 10.0.22631.7376

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.7376

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.8875

References

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.