CVE-2026-3006

Summary

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.

Affected Software

VendorProductVersion RangeStatus
WinFSPWinFSP2.1.25156 and loweraffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

winfsp: winfsp: Local privilege escalation via race condition and kernel heap overflow

Additional References

References