Windows Push Notifications Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows Push Notifications Privilege Elevation Vulnerability

CVE-2026-26172

Summary

An attacker with permission to send push notifications to a Windows system may be able to gain elevated privileges on the system, potentially allowing them to access sensitive data or make unauthorized changes. This vulnerability exists because Windows Push Notifications does not properly synchronize access to shared resources, allowing an attacker to take advantage of a 'race condition'. To protect your system, ensure that Windows is updated with the latest security patches and consider implementing additional security measures to restrict access to push notification services.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026