CVE-2026-42982
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-42982, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_secure_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1288 The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-42982 is a vulnerability in Windows Secure Kernel Mode. It involves improper validation of consistency within input, which means the system does not correctly check or sanitize the data it receives.

This flaw allows an authorized attackerβ€”someone who already has some level of access to the systemβ€”to elevate their privileges locally. Privilege elevation means the attacker can gain higher-level permissions, such as administrative rights, which they could use to perform unauthorized actions on the system.

Impact Analysis

If you are affected by this vulnerability, an attacker with local access to your system could exploit it to gain elevated privileges. This could lead to several serious consequences:

  • Unauthorized access to sensitive data stored on the system.
  • Installation of malware or other malicious software without your knowledge.
  • Modification or deletion of critical system files, leading to system instability or failure.
  • Full control over the affected system, allowing the attacker to perform actions as if they were an administrator.

Since the vulnerability requires local access, the risk is higher in environments where multiple users share a system or where an attacker already has limited access.

Compliance Impact

This vulnerability could impact compliance with several common standards and regulations, depending on the context of its exploitation:

  • GDPR (General Data Protection Regulation): If the vulnerability is exploited to gain unauthorized access to personal data, it could lead to a data breach. Under GDPR, organizations must protect personal data and report breaches within 72 hours. Failure to mitigate this vulnerability could result in non-compliance and potential fines.
  • HIPAA (Health Insurance Portability and Accountability Act): In healthcare environments, if the vulnerability is used to access protected health information (PHI), it could constitute a breach under HIPAA. Covered entities must implement safeguards to protect PHI, and failure to address this vulnerability could lead to violations and penalties.
  • Other standards like ISO 27001, NIST, or PCI DSS: These frameworks require organizations to maintain secure systems and protect sensitive information. An unpatched vulnerability like this could indicate a failure to meet security controls, leading to non-compliance and potential audit failures.

To maintain compliance, organizations should apply patches or mitigations provided by Microsoft as soon as possible and ensure their systems are regularly updated and monitored for potential exploitation.

Mitigation Strategies

Apply the security update provided by Microsoft to address CVE-2026-42982. The update will include fixes for the improper validation of consistency within input in Windows Secure Kernel Mode.

  • Visit the Microsoft Security Response Center (MSRC) update guide for CVE-2026-42982 to download and install the latest patch.
  • Ensure all systems running affected versions of Windows are updated promptly to prevent local privilege escalation attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42982. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart