CVE-2026-32216
Null Pointer Dereference in Windows Redirected Drive Causes DoS
Publication date: 2026-04-14
Last updated on: 2026-04-20
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_11_26h1 | to 10.0.28000.1836 (exc) |
| microsoft | windows_11_26h1 | to 10.0.28000.1836 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in Windows Redirected Drive Buffering. It occurs when an authorized attacker causes the system to reference a null pointer, which leads to a denial of service condition locally.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service (DoS) on the affected system. An authorized attacker can exploit this issue to cause the system to become unavailable or crash locally.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
This vulnerability allows an authorized attacker to cause a denial of service locally by exploiting a null pointer dereference in Windows Redirected Drive Buffering.
To mitigate this vulnerability, it is recommended to apply any security updates or patches provided by Microsoft as soon as they become available.