Windows Cryptographic Services stores sensitive data insecurely

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows Cryptographic Services stores sensitive data insecurely

CVE-2026-26152

Summary

Sensitive information in Windows Cryptographic Services is not properly secured, potentially allowing authorized attackers to escalate their privileges locally. This could lead to unauthorized access to sensitive data or systems. Update Windows to the latest version to address this issue.

Original title

Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Original description

Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-922

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26152

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026