CVE-2026-26181
published 2026-04-14CVE-2026-26181: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_23h2 | < 10.0.22631.6936 | 10.0.22631.6936 |
| microsoft | windows_11_24h2 | < 10.0.26100.8246 | 10.0.26100.8246 |
| microsoft | windows_11_25h2 | < 10.0.26200.8246 | 10.0.26200.8246 |
| microsoft | windows_11_26h1 | < 10.0.28000.1836 | 10.0.28000.1836 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6936 | 10.0.22631.6936 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6936 | 10.0.22631.6936 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.8246 | 10.0.26100.8246 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.8246 | 10.0.26200.8246 |
| microsoft | windows_11_version_26h1 | >= 10.0.28000.0 < 10.0.28000.1836 | 10.0.28000.1836 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2274 | 10.0.25398.2274 |
| microsoft | windows_server_2025 | < 10.0.26100.32690 | 10.0.26100.32690 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32690 | 10.0.26100.32690 |