CVE-2026-40382: Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Affected

28 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1607	< 10.0.14393.9140	10.0.14393.9140
microsoft	windows_10_1809	< 10.0.17763.8755	10.0.17763.8755
microsoft	windows_10_21h2	< 10.0.19044.7291	10.0.19044.7291
microsoft	windows_10_22h2	< 10.0.19045.7291	10.0.19045.7291
microsoft	windows_10_version_1607	>= 10.0.14393.0 < 10.0.14393.9140	10.0.14393.9140
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.8755	10.0.17763.8755
microsoft	windows_10_version_21h2	>= 10.0.19044.0 < 10.0.19044.7291	10.0.19044.7291
microsoft	windows_10_version_22h2	>= 10.0.19045.0 < 10.0.19045.7291	10.0.19045.7291
microsoft	windows_11_23h2	< 10.0.22631.7079	10.0.22631.7079
microsoft	windows_11_24h2	< 10.0.26100.8390	10.0.26100.8390
microsoft	windows_11_25h2	< 10.0.26200.8390	10.0.26200.8390
microsoft	windows_11_26h1	< 10.0.28000.2113	10.0.28000.2113
microsoft	windows_11_version_23h2	>= 10.0.22631.0 < 10.0.22631.7079	10.0.22631.7079
microsoft	windows_11_version_24h2	>= 10.0.26100.0 < 10.0.26100.8457	10.0.26100.8457
microsoft	windows_11_version_25h2	>= 10.0.26200.0 < 10.0.26200.8457	10.0.26200.8457
microsoft	windows_11_version_26h1	>= 10.0.28000.0 < 10.0.28000.2113	10.0.28000.2113
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.26079	6.2.9200.26079
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.23181	6.3.9600.23181
microsoft	windows_server_2016	< 10.0.14393.9140	10.0.14393.9140
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.9140	10.0.14393.9140
microsoft	windows_server_2019	< 10.0.17763.8755	10.0.17763.8755
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.8755	10.0.17763.8755
microsoft	windows_server_2022	< 10.0.20348.5074	10.0.20348.5074
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.5139	10.0.20348.5139