CVE-2026-26165
published 2026-04-14CVE-2026-26165: Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_23h2 | < 10.0.22631.6936 | 10.0.22631.6936 |
| microsoft | windows_11_24h2 | < 10.0.26100.8246 | 10.0.26100.8246 |
| microsoft | windows_11_25h2 | < 10.0.26200.8246 | 10.0.26200.8246 |
| microsoft | windows_11_26h1 | < 10.0.28000.1836 | 10.0.28000.1836 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6936 | 10.0.22631.6936 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6936 | 10.0.22631.6936 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.8246 | 10.0.26100.8246 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.8246 | 10.0.26200.8246 |
| microsoft | windows_11_version_26h1 | >= 10.0.28000.0 < 10.0.28000.1836 | 10.0.28000.1836 |
| microsoft | windows_server_2022 | < 10.0.20348.5020 | 10.0.20348.5020 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.5020 | 10.0.20348.5020 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2274 | 10.0.25398.2274 |
| microsoft | windows_server_2025 | < 10.0.26100.32690 | 10.0.26100.32690 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32690 | 10.0.26100.32690 |