CVE-2026-32093

CWE-122 — Heap-based Buffer Overflow CWE-362 — Race Condition CWE-3673 documents3 sources

Severity

7.0HIGH

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 +17 more

Timeline

PublishedApr 14

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages20 packages

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.26026

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.32690

🔴Vulnerability Details

CVEList

Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability↗2026-04-14

▶

VulDB

Microsoft Windows up to Server 2025 Function Discovery Service fdwsd.dll race condition↗2026-04-14

▶