CVE-2026-25167
published 2026-03-10CVE-2026-25167: Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
high7.4CVSS 3.1
AVLACHPRNUINSUCHIHAH
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.7979 | 10.0.26100.7979 |
| microsoft | windows_11_25h2 | < 10.0.26200.7979 | 10.0.26200.7979 |
| microsoft | windows_11_26h1 | < 10.0.28000.1719 | 10.0.28000.1719 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.8037 | 10.0.26100.8037 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.8037 | 10.0.26200.8037 |
| microsoft | windows_11_version_26h1 | >= 10.0.28000.0 < 10.0.28000.1719 | 10.0.28000.1719 |
| microsoft | windows_server_2025 | < 10.0.26100.32463 | 10.0.26100.32463 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32522 | 10.0.26100.32522 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_26h1_for_arm64-based_systems | — | — |
| msrc | windows_11_version_26h1_for_x64-based_systems | — | — |
| msrc | windows_server_2025 | — | — |