CVE-2026-23668

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.8957affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.8511affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.7058affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.7058affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.6783affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.6783affected
MicrosoftWindows Server 20126.2.9200.0 < 6.2.9200.25973affected
MicrosoftWindows Server 2012 (Server Core installation)6.2.9200.0 < 6.2.9200.25973affected
MicrosoftWindows Server 2012 R26.3.9600.0 < 6.3.9600.23074affected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.9600.0 < 6.3.9600.23074affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.8957affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.8957affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.8511affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.8511affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.4893affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.2207affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References