CVE-2026-41088

Summary

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.7291affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.7417affected
MicrosoftWindows 11 version 23H210.0.22631.0 < 10.0.22631.7079affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.7219affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.8457affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.8457affected
MicrosoftWindows 11 version 26H110.0.28000.0 < 10.0.28000.2113affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.5139affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.2330affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.32860affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.32860affected

Weaknesses

  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References