CVE-2026-54991
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-54991, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_usb_print_driver *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54991 is a race condition vulnerability in the Windows USB Print Driver. A race condition occurs when multiple processes or threads access a shared resource without proper synchronization, leading to unpredictable behavior.

In this case, the vulnerability allows an authorized attacker with local access to exploit the improper synchronization in the driver. By doing so, the attacker can elevate their privileges on the system, gaining higher levels of access than originally intended.

Impact Analysis

If you are affected by this vulnerability, an attacker with local access to your system could exploit it to gain elevated privileges.

  • The attacker could execute arbitrary code with higher permissions, potentially taking full control of the system.
  • This could lead to unauthorized access to sensitive data, installation of malware, or disruption of system operations.

The CVSS score of 7.8 (High) indicates that the impact is significant, particularly for confidentiality, integrity, and availability of the affected system.

Compliance Impact

This vulnerability could impact compliance with standards and regulations in the following ways:

  • GDPR: If the affected system processes personal data of EU citizens, a successful exploit could lead to unauthorized access or disclosure of that data, violating GDPR requirements for data protection and confidentiality.
  • HIPAA: For organizations handling protected health information (PHI), this vulnerability could result in unauthorized access to sensitive patient data, violating HIPAA's security and privacy rules.
  • Other standards (e.g., ISO 27001, NIST): The vulnerability may indicate a failure to implement proper access controls or secure coding practices, which are required for compliance with these frameworks.

Organizations should assess the risk posed by this vulnerability and apply patches or mitigations to maintain compliance with relevant regulations.

Mitigation Strategies

Apply the security update provided by Microsoft to address the race condition in the Windows USB Print Driver.

To mitigate this vulnerability, follow these steps:

  • Check for available updates via Windows Update or the Microsoft Update Catalog.
  • Install the patch for CVE-2026-54991 as soon as possible, as referenced in the Microsoft Security Update Guide.
  • Restrict local access to systems to only authorized users to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54991. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart