CVE-2026-58614
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-58614, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability could have implications for compliance with standards and regulations that require protection of sensitive data and system integrity.

  • GDPR: If the vulnerability leads to unauthorized access to personal data, it could result in a breach of GDPR requirements for data protection and confidentiality. Organizations may need to report the incident if it affects personal data of EU citizens.
  • HIPAA: For healthcare organizations, if the vulnerability exposes protected health information (PHI), it could violate HIPAA's Security Rule, which mandates safeguards for electronic PHI.
  • Other standards like ISO 27001 or NIST frameworks may also be impacted, as they require organizations to implement controls to prevent unauthorized access to systems and data.

Failure to address this vulnerability could lead to non-compliance, potential fines, or reputational damage if exploited.

Mitigation Strategies

Apply the security update provided by Microsoft to address CVE-2026-58614. The update can be found on the Microsoft Update Guide for this vulnerability.

  • Ensure all systems running the affected Windows Kernel are patched as soon as possible to prevent exploitation.
  • Monitor Microsoft's official communications for any additional guidance or updates related to this vulnerability.
Executive Summary

CVE-2026-58614 is an out-of-bounds read vulnerability in the Windows Kernel. This flaw allows an authorized attacker with local access to bypass a security feature on the system. The vulnerability occurs when the kernel improperly reads data outside the bounds of allocated memory, which can be exploited to circumvent security protections.

The CVSS v3.1 score for this vulnerability is 5.5, indicating a medium severity. The vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N means the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), and impacts confidentiality (C:H) without affecting integrity or availability.

Impact Analysis

If exploited, this vulnerability could allow an attacker with local access to your system to bypass security features designed to protect sensitive data or system integrity. The impact is primarily on confidentiality, meaning the attacker could potentially access restricted information without authorization.

  • An attacker could exploit this flaw to read sensitive data from kernel memory, which might include credentials, encryption keys, or other confidential information.
  • The vulnerability does not directly allow code execution or system crashes, but bypassing security features could enable further attacks or privilege escalation.

Since the attack requires local access, the risk is higher for systems where multiple users share access or where an attacker has already gained limited privileges.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58614. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart