Windows User Interface Core Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows User Interface Core Privilege Escalation Risk

CVE-2026-27911

Summary

An attacker with authorized access to a Windows system can potentially exploit a flaw in the Windows User Interface Core to gain elevated privileges, which could allow them to make unauthorized changes to the system. This is a concern for organizations that rely on Windows systems, as it could enable an attacker to gain a higher level of access than intended. To protect against this risk, ensure that all Windows systems are kept up to date with the latest security patches and updates.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27911

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026