Windows Push Notifications Local Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows Push Notifications Local Privilege Escalation Risk

CVE-2026-32159

Summary

An attacker who has permission to use Windows Push Notifications on a Windows system could potentially gain more power on the system. This risk is highest for systems with multiple users, where an attacker might be able to exploit this weakness to gain unauthorized access. To mitigate this risk, ensure all users with access to the system use strong, unique passwords and keep their operating system and software up to date.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32159

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026