CVE-2026-54107

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.9339affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.9020affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.7548affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.7548affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.8875affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.8875affected
MicrosoftWindows 11 version 26H110.0.28000.0 < 10.0.28000.2525affected
MicrosoftWindows Server 20126.2.9200.0 < 6.2.9200.26226affected
MicrosoftWindows Server 2012 (Server Core installation)6.2.9200.0 < 6.2.9200.26226affected
MicrosoftWindows Server 2012 R26.3.9600.0 < 6.3.9600.23291affected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.9600.0 < 6.3.9600.23291affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.9339affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.9339affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.9020affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.9020affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.5386affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.33158affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.33158affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

References