CVE-2026-3006
Awaiting Analysis
Awaiting Analysis - Queue
Kernel Heap Overflow Race Condition Enables Local Privilege Escalation
Vulnerability report for CVE-2026-3006, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-27
Last updated on: 2026-06-30
Assigner: CSA
Description
Description
Successful exploitation of the race condition vulnerability could allow
an attacker to trigger a kernel heap overflow, potentially leading to local privilege
escalation and granting system-level access to the affected software.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| winfsp | winfsp | to 2.1.25156 (exc) |
| winfsp | winfsp | 2.2B1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
| CWE-368 | A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch. |