CVE-2026-23671

CWE-362Race ConditionCWE-416Use After Free5 documents5 sources
Severity
7.0HIGH
EPSS
0.0%
top 89.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
25
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+22 more
Timeline
PublishedMar 10

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages25 packages

NVDmicrosoft/windows< 10.0.14393.8957+4
NVDmicrosoft/windows_10_1607< 10.0.14393.8957
NVDmicrosoft/windows_10_1809< 10.0.17763.8511
NVDmicrosoft/windows_10_21h2< 10.0.19044.7058
NVDmicrosoft/windows_10_22h2< 10.0.19045.7058

🔴Vulnerability Details

2
GHSA
GHSA-m9m8-hx7m-5rv8: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an autho2026-03-10
CVEList
Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability2026-03-10

📋Vendor Advisories

1
Microsoft
Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability2026-03-10

🕵️Threat Intelligence

1
Wiz
CVE-2026-23671 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23671 (HIGH CVSS 7) | Concurrent execution using shared r | cvebase.io