cbcvebase.
CVE-2026-27907
published 2026-04-14

CVE-2026-27907: Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

Affected

12 ranges
VendorProductVersion rangeFixed in
microsoftwindows_11_23h2< 10.0.22631.693610.0.22631.6936
microsoftwindows_11_24h2< 10.0.26100.824610.0.26100.8246
microsoftwindows_11_25h2< 10.0.26200.824610.0.26200.8246
microsoftwindows_11_26h1< 10.0.28000.183610.0.28000.1836
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.693610.0.22631.6936
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.693610.0.22631.6936
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.824610.0.26100.8246
microsoftwindows_11_version_25h2>= 10.0.26200.0 < 10.0.26200.824610.0.26200.8246
microsoftwindows_11_version_26h1>= 10.0.28000.0 < 10.0.28000.183610.0.28000.1836
microsoftwindows_server_2022_23h2< 10.0.25398.227410.0.25398.2274
microsoftwindows_server_2025< 10.0.26100.3269010.0.26100.32690
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.3269010.0.26100.32690