Windows Push Notifications Local Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Windows Push Notifications Local Privilege Escalation Risk

CVE-2026-26167

Summary

An attacker with permission to send notifications can potentially gain elevated privileges on a Windows system. This is because a security flaw in the way Windows handles notifications allows unauthorized access to system resources. To mitigate this risk, ensure that only trusted users have permission to send notifications and keep Windows up to date with the latest security patches.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 8.8

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26167

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026