CVE-2026-49787
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-49787, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Allocation of resources without limits or throttling in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft http.sys *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-49787 is a vulnerability in Windows HTTP.sys where resources are allocated without proper limits or throttling. This flaw allows an unauthorized attacker to send requests or inputs that consume excessive system resources, such as memory or CPU, without restriction.

As a result, the system may become unresponsive or crash, leading to a denial of service (DoS) condition. The attack can be carried out remotely over a network, meaning the attacker does not need physical access or authentication to exploit the vulnerability.

Impact Analysis

This vulnerability can impact you in several ways:

  • Service disruption: If you are running a Windows system that uses HTTP.sys (such as a web server or application relying on it), an attacker could exploit this flaw to crash the system or make it unresponsive, leading to downtime.
  • Loss of availability: Critical services or applications that depend on HTTP.sys may become unavailable, affecting business operations, customer access, or internal workflows.
  • Increased operational costs: Recovering from a denial of service attack may require manual intervention, such as restarting systems or applying patches, which can consume time and resources.

Since the vulnerability can be exploited remotely and without authentication, the risk of widespread impact is higher, especially for internet-facing systems.

Compliance Impact

This vulnerability can affect compliance with common standards and regulations in the following ways:

  • GDPR (General Data Protection Regulation): While GDPR primarily focuses on data privacy and protection, a denial of service attack caused by this vulnerability could lead to service unavailability. If the affected system processes or stores personal data, prolonged downtime might violate GDPR's requirement for ensuring the availability and resilience of processing systems (Article 32).
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), this vulnerability could disrupt access to critical healthcare systems. HIPAA requires covered entities to ensure the confidentiality, integrity, and availability of PHI. A successful denial of service attack could violate the availability requirement, potentially leading to non-compliance.
  • Other standards (e.g., ISO 27001, NIST): Many cybersecurity frameworks emphasize the importance of maintaining system availability and protecting against service disruptions. Exploiting this vulnerability could indicate a failure to implement adequate controls for resource management and denial of service protection, which may be required under these standards.

Organizations should assess the potential impact of this vulnerability on their compliance posture and take corrective actions, such as applying patches or implementing mitigations, to avoid regulatory risks.

Detection Guidance

Detection of CVE-2026-49787 on your network or system may involve monitoring for unusual resource consumption or denial-of-service conditions related to HTTP.sys. Since the vulnerability involves resource allocation without limits or throttling, you can check for abnormal behavior in HTTP.sys processes or network traffic.

  • Use Windows Event Viewer to check for system or application logs related to HTTP.sys errors or crashes. Look for Event IDs that indicate resource exhaustion or service failures.
  • Monitor network traffic for unusual patterns, such as excessive requests targeting HTTP.sys, which could indicate an attempted exploit. Tools like Wireshark or Windows Performance Monitor can help track network and system resource usage.
  • Check the version of HTTP.sys installed on your system. Ensure it is updated to the latest patched version by running the following command in PowerShell: Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\' -Name 'CurrentBuild' or checking installed updates via 'wmic qfe list'.

Microsoft may provide specific detection guidance or tools in their official advisory. Refer to the provided resource for additional details.

Mitigation Strategies

To mitigate CVE-2026-49787, follow these immediate steps:

  • Apply the latest security update from Microsoft that addresses this vulnerability. The update can be obtained through Windows Update or the Microsoft Update Catalog.
  • If patching is not immediately possible, consider implementing network-level protections such as rate limiting or filtering excessive requests to HTTP.sys to reduce the risk of exploitation.
  • Restrict network access to systems running HTTP.sys to trusted sources only, especially if the service is exposed to the internet.
  • Monitor systems for signs of exploitation or unusual activity, such as sudden spikes in resource usage or service crashes.

For detailed mitigation steps, refer to Microsoft's official advisory linked in the resources.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart