Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs

1,661

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

SortPage 31 of 84

CVE-2026-45593P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-45593 [HIGH] CWE-190 CVE-2026-45593: Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42983P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42983 [HIGH] CWE-416 CVE-2026-42983: Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-27923P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-27923 [HIGH] CWE-416 CVE-2026-27923: Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-44802P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-44802 [HIGH] CWE-416 CVE-2026-44802: Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-32160P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-32160 [HIGH] CWE-362 CVE-2026-32160: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-32158P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-32158 [HIGH] CWE-362 CVE-2026-32158: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-32159P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-32159 [HIGH] CWE-362 CVE-2026-32159: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-32153P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-32153 [HIGH] CWE-362 CVE-2026-32153: Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges local Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-20930P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-20930 [HIGH] CWE-362 CVE-2026-20930: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42978P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42978 [HIGH] CWE-362 CVE-2026-42978: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-26168P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-26168 [HIGH] CWE-362 CVE-2026-26168: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-26167P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-26167 [HIGH] CWE-362 CVE-2026-26167: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42979P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42979 [HIGH] CWE-362 CVE-2026-42979: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42977P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42977 [HIGH] CWE-362 CVE-2026-42977: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42991P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42991 [HIGH] CWE-362 CVE-2026-42991: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-45639P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-45639 [HIGH] CWE-125 CVE-2026-45639: Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a net Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2026-42908P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42908 [HIGH] CWE-125 CVE-2026-42908: Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a net Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2026-20844P3HIGHCVSS 7.4≥ 10.0.22631.0, < 10.0.22631.64912026-01-13

CVE-2026-20844 [HIGH] CWE-362 CVE-2026-20844: Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges loc Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.

nvd

CVE-2025-50161P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.57682025-08-12

CVE-2025-50161 [HIGH] CWE-122 CVE-2025-50161: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privile Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-32156P3HIGHCVSS 7.4≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-32156 [HIGH] CWE-416 CVE-2026-32156: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

nvd

← Previous31 / 84Next →