Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Windows File Server Privilege Elevation Vulnerability
CVE-2026-24283
Summary
An attacker who is authenticated on a Windows File Server may be able to gain elevated permissions on the server, potentially allowing them to access sensitive data or manipulate system settings. This vulnerability affects Windows File Server software and can be exploited by authorized users. To mitigate this risk, ensure that all users with elevated access are closely monitored and that the server's access controls are regularly reviewed and updated.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | windows_11_24h2 | <= 10.0.26100.7979 | – |
| microsoft | windows_11_24h2 | <= 10.0.26100.7979 | – |
| microsoft | windows_11_25h2 | <= 10.0.26200.7979 | – |
| microsoft | windows_11_25h2 | <= 10.0.26200.7979 | – |
| microsoft | windows_11_26h1 | <= 10.0.28000.1719 | – |
| microsoft | windows_11_26h1 | <= 10.0.28000.1719 | – |
| microsoft | windows_server_2022_23h2 | <= 10.0.25398.2207 | – |
| microsoft | windows_server_2025 | <= 10.0.26100.32463 | – |
Original title
Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.
Original description
Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.
nvd CVSS3.1
8.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026