Windows Push Notifications Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows Push Notifications Privilege Elevation Vulnerability

CVE-2026-32158

Summary

An attacker with permission to use Windows Push Notifications can potentially gain elevated privileges on a local system. This is a serious issue because it allows unauthorized access to sensitive system functions. To protect against this vulnerability, ensure that Windows is fully updated and use the latest version of the Windows Push Notifications service.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32158

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026