Windows MapUrlToZone vulnerability allows network attacks

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Windows MapUrlToZone vulnerability allows network attacks

CVE-2026-23674

Summary

An attacker can bypass a security feature on Windows systems by exploiting a weakness in how URLs are processed. This could allow them to access restricted areas of a network. To protect against this, ensure Windows is up to date with the latest security patches.

Original title

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

Original description

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

nvd CVSS3.1 7.5

Vulnerability type

CWE-41

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23674

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026