cbcvebase.
CVE-2026-32163
published 2026-04-14

CVE-2026-32163: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to…

high7.8CVSS 3.1
AVLACHPRLUINSCCHIHAH
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Affected

22 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10_1809< 10.0.17763.864410.0.17763.8644
microsoftwindows_10_21h2< 10.0.19044.718410.0.19044.7184
microsoftwindows_10_22h2< 10.0.19045.718410.0.19045.7184
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.864410.0.17763.8644
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.718410.0.19044.7184
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.718410.0.19045.7184
microsoftwindows_11_23h2< 10.0.22631.693610.0.22631.6936
microsoftwindows_11_24h2< 10.0.26100.824610.0.26100.8246
microsoftwindows_11_25h2< 10.0.26200.824610.0.26200.8246
microsoftwindows_11_26h1< 10.0.28000.183610.0.28000.1836
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.693610.0.22631.6936
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.693610.0.22631.6936
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.824610.0.26100.8246
microsoftwindows_11_version_25h2>= 10.0.26200.0 < 10.0.26200.824610.0.26200.8246
microsoftwindows_11_version_26h1>= 10.0.28000.0 < 10.0.28000.183610.0.28000.1836
microsoftwindows_server_2019< 10.0.17763.864410.0.17763.8644
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.864410.0.17763.8644
microsoftwindows_server_2022< 10.0.20348.502010.0.20348.5020
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.502010.0.20348.5020
microsoftwindows_server_2022_23h2< 10.0.25398.227410.0.25398.2274
microsoftwindows_server_2025< 10.0.26100.3269010.0.26100.32690
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.3269010.0.26100.32690