Windows ReFS Allows Unauthorized File Access on Local Machines

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows ReFS Allows Unauthorized File Access on Local Machines

CVE-2026-23673

Summary

An attacker with local access can exploit a flaw in Windows ReFS to read sensitive files they shouldn't be able to access. This puts confidential data at risk. Update Windows to the latest version to fix this issue.

Original title

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

Original description

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-125 Out-of-bounds Read

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23673

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026