CVE-2026-26179
Double Free in Windows Kernel Enables Local Privilege Escalation
Publication date: 2026-04-14
Last updated on: 2026-04-23
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_11_23h2 | to 10.0.22631.6936 (exc) |
| microsoft | windows_11_23h2 | to 10.0.22631.6936 (exc) |
| microsoft | windows_11_24h2 | to 10.0.26100.8246 (exc) |
| microsoft | windows_11_24h2 | to 10.0.26100.8246 (exc) |
| microsoft | windows_11_25h2 | to 10.0.26200.8246 (exc) |
| microsoft | windows_11_25h2 | to 10.0.26200.8246 (exc) |
| microsoft | windows_11_26h1 | to 10.0.28000.1836 (exc) |
| microsoft | windows_11_26h1 | to 10.0.28000.1836 (exc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.2274 (exc) |
| microsoft | windows_server_2025 | to 10.0.26100.32690 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free issue in the Windows Kernel. It allows an authorized attacker to perform a local privilege escalation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authorized attacker to elevate privileges locally by exploiting a double free in the Windows Kernel.
Such elevation of privilege vulnerabilities can potentially lead to unauthorized access to sensitive data or system resources, which may impact compliance with standards like GDPR and HIPAA that require strict access controls and protection of personal and health information.
However, specific impacts on compliance with these regulations are not detailed in the provided information.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability allows an authorized attacker to elevate privileges locally due to a double free in the Windows Kernel.
To mitigate this vulnerability, it is recommended to apply the security updates provided by Microsoft as detailed in their official update guide.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with local access to elevate their privileges, potentially gaining higher-level permissions on the affected system.