Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.8
Windows Mobile Broadband allows unauthorized code execution via physical attack
CVE-2026-24288
Summary
An attacker can use a physical attack to execute malicious code on Windows Mobile Broadband devices. This is a serious concern because an attacker could gain control of the device, potentially compromising sensitive information. To mitigate this risk, ensure you have the latest software updates installed and consider using additional security measures such as encryption and secure boot.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | windows_10_21h2 | <= 10.0.19044.7058 | – |
| microsoft | windows_10_21h2 | <= 10.0.19044.7058 | – |
| microsoft | windows_10_21h2 | <= 10.0.19044.7058 | – |
| microsoft | windows_10_22h2 | <= 10.0.19045.7058 | – |
| microsoft | windows_10_22h2 | <= 10.0.19045.7058 | – |
| microsoft | windows_10_22h2 | <= 10.0.19045.7058 | – |
Original title
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
Original description
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
nvd CVSS3.1
6.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026