CVE-2026-3006
Received Received - Intake
Kernel Heap Overflow Race Condition Enables Local Privilege Escalation

Publication date: 2026-04-27

Last updated on: 2026-04-27

Assigner: CSA

Description
Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3006
EUVD
EUVD-2026-25755
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
winfsp winfsp to 2.1.25156 (exc)
winfsp winfsp 2.2B1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3006 is a race condition vulnerability in the Windows File System Proxy (WinFsp), an open-source system software. Exploiting this flaw can trigger a kernel heap overflow, which may allow an attacker to escalate their privileges locally and gain system-level access on the affected software.

Impact Analysis

If exploited, this vulnerability can lead to local privilege escalation, meaning an attacker with limited access could gain higher-level system privileges. This could allow them to execute arbitrary code with system-level permissions, potentially compromising the entire system's security and integrity.

Mitigation Strategies

To mitigate the CVE-2026-3006 vulnerability, users and administrators are strongly advised to update WinFsp to the latest version immediately.

  • Upgrade to WinFsp version 2.2B1 or later, which includes the critical security fix addressing this vulnerability.
  • Verify the integrity of the update by checking the signed release artifacts and SHA256 hashes provided on the official WinFsp GitHub releases page.
Compliance Impact

The provided information does not specify how CVE-2026-3006 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3006. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart