CVE-2026-49170
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-49170, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-49170 is a vulnerability in the Windows StateRepository API. It involves insufficient granularity of access control, meaning the API does not properly restrict access to certain functions or data.

An authorized attacker with low privileges on a local system can exploit this flaw to elevate their privileges. This could allow them to gain higher-level permissions, such as administrative access, on the affected system.

The vulnerability is classified as an elevation of privilege (EoP) issue, and it requires local access to exploit.

Impact Analysis

If you are using a Windows system affected by this vulnerability, the impact could be significant.

  • An attacker with low-level access to your system could exploit this vulnerability to gain elevated privileges, such as administrative rights.
  • With elevated privileges, the attacker could perform actions like installing malware, accessing or modifying sensitive data, or disrupting system operations.
  • This could lead to data breaches, system compromise, or unauthorized control over the affected machine.

The CVSS base score of 7.8 indicates a high severity, meaning the risk of exploitation is considerable if the system is not patched.

Compliance Impact

This vulnerability could have implications for compliance with various standards and regulations, depending on the context of its exploitation.

  • GDPR: If the vulnerability is exploited to access or exfiltrate personal data of EU citizens, it could lead to a data breach. Under GDPR, organizations must protect personal data and report breaches within 72 hours. Failure to do so could result in significant fines.
  • HIPAA: For organizations handling protected health information (PHI) in the U.S., exploitation of this vulnerability could lead to unauthorized access to PHI. This would constitute a breach under HIPAA, requiring notification and potentially resulting in penalties.
  • Other standards: Compliance frameworks like ISO 27001, NIST, or PCI DSS require organizations to maintain secure systems and protect sensitive data. Exploitation of this vulnerability could indicate a failure to meet these requirements, leading to non-compliance.

To maintain compliance, organizations should apply patches or mitigations provided by Microsoft to address this vulnerability promptly.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying CVE-2026-49170 on a network or system. This vulnerability involves insufficient access control in the Windows StateRepository API, which is a local privilege escalation issue.

To detect potential exploitation or misconfigurations related to this vulnerability, you may need to check for unusual process activity or unauthorized access to the StateRepository API. However, no explicit detection commands or tools are mentioned in the available resources.

For further guidance, refer to Microsoft's official documentation or security updates, as they may provide specific detection mechanisms or tools.

Mitigation Strategies

The provided context does not include explicit mitigation steps for CVE-2026-49170. However, based on the nature of the vulnerability (local privilege escalation due to insufficient access control), the following general steps are recommended:

  • Apply the latest security updates from Microsoft as soon as they are available. This is the primary mitigation for addressing the vulnerability.
  • Restrict local access to systems to only authorized users, as the vulnerability requires local access to exploit.
  • Monitor systems for unusual activity, such as unauthorized processes attempting to access the StateRepository API.
  • Review Microsoft's official advisory for specific patches or workarounds once they are released.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49170. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart