Description
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages20 packages
🔴Vulnerability Details
2GHSAGHSA-56fh-gxc8-3p64: Time-of-check time-of-use (toctou) race condition in Windows HTTP↗2026-02-10 CVEListWindows HTTP.sys Elevation of Privilege Vulnerability↗2026-02-10 📋Vendor Advisories
1MicrosoftWindows HTTP.sys Elevation of Privilege Vulnerability↗2026-02-10 🕵️Threat Intelligence
1WizCVE-2026-21240 Impact, Exploitability, and Mitigation Steps | Wiz↗