Windows Server Update Service Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows Server Update Service Privilege Escalation Risk

CVE-2026-26174

Summary

A bug in Windows Server Update Service could let an authorized user gain extra privileges on the system. This is a concern because it could allow an attacker to take control of your server. To protect your system, apply the latest updates as soon as possible.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26174

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026