CVE-2026-40399 | BaseFortify

Thank you illustration

Thank you for your feedback!

Your input helps us improve and create a better experience for you. We appreciate your time!

CVE-2026-40399

Analyzed Analyzed - Analysis Complete

BaseFortify

Publication date: 2026-05-12

Last updated on: 2026-05-15

Assigner: Microsoft Corporation

Description

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-12

Last Modified

2026-05-15

Generated

2026-05-20

EPSS Evaluated

2026-05-19

NVD

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_10_1607	to 10.0.14393.9140 (exc)
microsoft	windows_10_1809	to 10.0.17763.8755 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7291 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7291 (exc)
microsoft	windows_11_23h2	to 10.0.22631.7079 (exc)
microsoft	windows_11_24h2	to 10.0.26100.8390 (exc)
microsoft	windows_11_25h2	to 10.0.26200.8390 (exc)
microsoft	windows_11_26h1	to 10.0.28000.2113 (exc)
microsoft	windows_server_2016	to 10.0.14393.9140 (exc)
microsoft	windows_server_2019	to 10.0.17763.8755 (exc)
microsoft	windows_server_2022	to 10.0.20348.5074 (exc)
microsoft	windows_server_2022_23h2	to 10.0.25398.2330 (exc)
microsoft	windows_server_2025	to 10.0.26100.32772 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-121	A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

EPSS Chart