CVE-2026-41088
published 2026-05-12CVE-2026-41088: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_21h2 | < 10.0.19044.7291 | 10.0.19044.7291 |
| microsoft | windows_10_22h2 | < 10.0.19045.7291 | 10.0.19045.7291 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.7291 | 10.0.19044.7291 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.7291 | 10.0.19045.7291 |
| microsoft | windows_11_23h2 | < 10.0.22631.7079 | 10.0.22631.7079 |
| microsoft | windows_11_24h2 | < 10.0.26100.8390 | 10.0.26100.8390 |
| microsoft | windows_11_25h2 | < 10.0.26200.8390 | 10.0.26200.8390 |
| microsoft | windows_11_26h1 | < 10.0.28000.2113 | 10.0.28000.2113 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.7079 | 10.0.22631.7079 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.8457 | 10.0.26100.8457 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.8457 | 10.0.26200.8457 |
| microsoft | windows_11_version_26h1 | >= 10.0.28000.0 < 10.0.28000.2113 | 10.0.28000.2113 |
| microsoft | windows_server_2022 | < 10.0.20348.5074 | 10.0.20348.5074 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.5139 | 10.0.20348.5139 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2330 | 10.0.25398.2330 |
| microsoft | windows_server_2025 | < 10.0.26100.32772 | 10.0.26100.32772 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32860 | 10.0.26100.32860 |