CVE-2026-49794
Undergoing Analysis Undergoing Analysis - In Progress

Out-of-Bounds Read in Windows USB Audio Class Driver

Vulnerability report for CVE-2026-49794, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_usb_audio_class_driver *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-49794 is an out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys). This flaw allows an unauthorized attacker to disclose sensitive information from the system.

An out-of-bounds read occurs when the software reads data beyond the intended buffer or memory boundary. In this case, the vulnerability is triggered through a physical attack, meaning the attacker needs physical access to the device to exploit it.

  • The vulnerability affects the usbaudio.sys driver, which is part of the Windows operating system.
  • Exploitation requires physical access to the target system, limiting the attack vector to local attackers.
Impact Analysis

This vulnerability can impact you in the following ways:

  • Information Disclosure: An attacker with physical access to your system could exploit this flaw to read sensitive data from memory, potentially exposing confidential information.
  • Limited Scope: Since the attack requires physical access, the risk is higher for systems in unsecured locations or shared environments.
  • No Impact on Integrity or Availability: The vulnerability does not allow the attacker to modify data or disrupt system operations, as it only enables information disclosure.
Compliance Impact

This vulnerability may affect compliance with common standards and regulations in the following ways:

  • GDPR: If the disclosed information includes personal data of EU citizens, this vulnerability could lead to a breach of GDPR requirements, which mandate the protection of personal data. Organizations may face penalties if they fail to mitigate such risks.
  • HIPAA: For organizations handling protected health information (PHI), this vulnerability could result in unauthorized access to sensitive patient data, violating HIPAA's security and privacy rules. This may lead to compliance violations and potential fines.
  • Other Standards: Depending on the industry, this vulnerability could also impact compliance with standards like PCI DSS (if payment data is exposed) or other data protection regulations that require safeguarding sensitive information.

However, the impact on compliance depends on the nature of the disclosed information and whether the affected system processes regulated data.

Detection Guidance

Detecting this vulnerability requires checking for the presence of the vulnerable Windows USB Audio Class driver (usbaudio.sys) and verifying if it is an affected version. Since this vulnerability involves a physical attack vector, traditional network-based detection methods may not be applicable.

  • Check the version of usbaudio.sys on your system. You can use the following command in Command Prompt to find the file version:
  • wmic datafile where name="C:\\Windows\\System32\\drivers\\usbaudio.sys" get Version
  • Compare the version number with the patched version provided by Microsoft in their security update guide for CVE-2026-49794.
  • Monitor physical access to systems, as exploitation requires physical interaction with the device.

Since this is a local physical attack, network-based detection tools like IDS/IPS or vulnerability scanners may not identify this issue. Focus on system hardening and patch management.

Mitigation Strategies

To mitigate this vulnerability, follow these steps:

  • Apply the latest security updates from Microsoft that address CVE-2026-49794. Refer to the Microsoft Security Update Guide for the specific patch.
  • Restrict physical access to systems to prevent unauthorized attackers from exploiting the vulnerability.
  • Disable USB audio devices if they are not required for system functionality, as this reduces the attack surface.
  • Monitor Microsoft's security advisories for any additional guidance or updates related to this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49794. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart