CVE-2026-23668

high

Microsoft

CVSS v3 Base Score

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: March 10, 2026

Last Modified: March 12, 2026

Vendor: Microsoft

Source: NVD

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CWE

CWE-362

Affected Products

microsoft windows 10 1607microsoft windows 10 1809microsoft windows 10 21h2microsoft windows 10 22h2microsoft windows 11 23h2microsoft windows server 2012microsoft windows server 2016microsoft windows server 2019microsoft windows server 2022microsoft windows server 2022 23h2

References

🔗 msrc.microsoft.com

CVE-2026-23668

Vulnerability Report

Description

CWE

Affected Products

References