CVE-2026-45597

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 11 version 23H210.0.22631.0 < 10.0.22631.7219affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.7219affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.8655affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.8655affected
MicrosoftWindows 11 version 26H110.0.28000.0 < 10.0.28000.2269affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.5256affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.32995affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.32995affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References