CVE-2026-54109
Received Received - Intake

Integer Overflow in Windows ReFS Leading to Local Code Execution

Vulnerability report for CVE-2026-54109, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_resilient_file_system *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate CVE-2026-54109, apply the security update provided by Microsoft as soon as possible. The update addresses the integer overflow or wraparound issue in the Windows Resilient File System (ReFS).

  • Visit the Microsoft Security Response Center (MSRC) update guide for CVE-2026-54109 to download and install the latest patch.
  • Ensure all systems running Windows with ReFS are updated to the latest secure version.
  • Restrict local access to authorized users only, as the vulnerability requires local privileges to exploit.
Executive Summary

CVE-2026-54109 is an integer overflow or wraparound vulnerability in the Windows Resilient File System (ReFS). This flaw allows an authorized attacker with local access to execute arbitrary code on the affected system.

An integer overflow occurs when a calculation produces a value that exceeds the storage capacity of the data type, leading to unexpected behavior or memory corruption. In this case, the vulnerability could be exploited to gain control over the system.

The CVSS v3.1 score for this vulnerability is 7.8, indicating a high severity. The vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H means the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), and has high impacts on confidentiality, integrity, and availability.

Impact Analysis

If you are using a system with the Windows Resilient File System (ReFS), this vulnerability could have several impacts:

  • An attacker with local access and low privileges could exploit this flaw to execute arbitrary code on your system.
  • Successful exploitation could lead to full system compromise, allowing the attacker to install malware, steal sensitive data, or disrupt operations.
  • Since the vulnerability affects confidentiality, integrity, and availability, it could result in data breaches, unauthorized modifications, or system crashes.

The risk is particularly high in environments where multiple users have local access to the same system or where ReFS is used for critical storage operations.

Compliance Impact

This vulnerability could impact compliance with several standards and regulations, depending on the context of its exploitation:

  • GDPR: If the vulnerability leads to a data breach involving personal data of EU citizens, organizations may fail to meet GDPR requirements for data protection and breach notification. This could result in significant fines and legal consequences.
  • HIPAA: For healthcare organizations, exploitation of this vulnerability could compromise protected health information (PHI), leading to violations of HIPAA's security and privacy rules. This may result in penalties and mandatory corrective actions.
  • Other standards: Compliance with frameworks like ISO 27001, NIST, or PCI DSS may also be affected if the vulnerability is not mitigated, as these require maintaining the confidentiality, integrity, and availability of systems and data.

Organizations should assess the risk posed by this vulnerability and apply patches or mitigations promptly to avoid potential compliance violations.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the presence of CVE-2026-54109 on a network or system. Detection typically involves checking for vulnerable versions of the Windows Resilient File System (ReFS) or applying security updates provided by Microsoft.

To determine if your system is vulnerable, you may check the installed Windows updates or patches related to ReFS. Microsoft may provide guidance or tools in their security update documentation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart