CVE-2026-24297

CWE-362 — Race Condition5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 85.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 +13 more

Timeline

PublishedMar 10

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages17 packages

▶NVDmicrosoft/windows< 10.0.14393.8957+2

▶NVDmicrosoft/windows_10_1607< 10.0.14393.8957

▶NVDmicrosoft/windows_10_1809< 10.0.17763.8511

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.7058

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.7058

🔴Vulnerability Details

GHSA

GHSA-63qj-r8vw-627j: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to byp↗2026-03-10

▶

CVEList

Windows Kerberos Security Feature Bypass Vulnerability↗2026-03-10

▶

📋Vendor Advisories

Microsoft

Windows Kerberos Security Feature Bypass Vulnerability↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24297 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶