Windows COM Privilege Elevation via Untrusted Data Acceptance

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.4

Windows COM Privilege Elevation via Untrusted Data Acceptance

CVE-2026-32162

Summary

Attackers can exploit a weakness in Windows' Component Object Model to gain elevated privileges on a local computer. This means they could potentially take control of your system, which is a serious risk. To protect your network, ensure that all Windows systems are up to date with the latest security patches.

Original title

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

Original description

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

nvd CVSS3.1 8.4

Vulnerability type

CWE-349

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32162

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026