CVE-2026-45600— Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationAffected Version Matrix 5
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Windows 11 Version 24H2 | 10.0.26100.0< 10.0.26100.8655 | affected |
| Microsoft | Windows 11 Version 25H2 | 10.0.26200.0< 10.0.26200.8655 | affected |
| Microsoft | Windows 11 version 26H1 | 10.0.28000.0< 10.0.28000.2269 | affected |
| Microsoft | Windows Server 2025 | 10.0.26100.0< 10.0.26100.32995 | affected |
| Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0< 10.0.26100.32995 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45600
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 25H2 for ARM64-based Systems,Windows 11 Version 25H2 for x64-based Systems,Windows 11 V
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Windows 11 Version 24H2 | 10.0.26100.0 ~ 10.0.26100.8655 | - | |
| Microsoft | Windows 11 Version 25H2 | 10.0.26200.0 ~ 10.0.26200.8655 | - | |
| Microsoft | Windows 11 version 26H1 | 10.0.28000.0 ~ 10.0.28000.2269 | - | |
| Microsoft | Windows Server 2025 | 10.0.26100.0 ~ 10.0.26100.32995 | - | |
| Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0 ~ 10.0.26100.32995 | - |
II. Public POCs for CVE-2026-45600
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45600
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-45600 (1)
Same Patch Batch · Microsoft · 2026-06-09 · 200 CVEs total
| CVE-2026-47291 | 9.8 CRITICAL | HTTP.sys Remote Code Execution Vulnerability |
| CVE-2026-45657 | 9.8 CRITICAL | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2026-26142 | 9.8 CRITICAL | Nuance PowerScribe Remote Code Execution Vulnerability |
| CVE-2026-44815 | 9.8 CRITICAL | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2026-47643 | 9.8 CRITICAL | Azure Stack Edge Remote Code Execution Vulnerability |
| CVE-2026-42904 | 9.6 CRITICAL | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-47281 | 9.6 CRITICAL | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2026-45602 | 9.1 CRITICAL | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability |
| CVE-2026-42985 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-32193 | 8.8 HIGH | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability |
| CVE-2026-47289 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-45648 | 8.8 HIGH | Windows Active Directory Domain Services Remote Code Execution Vulnerability |
| CVE-2026-47653 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-45504 | 8.8 HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2026-40371 | 8.8 HIGH | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability |
| CVE-2026-45484 | 8.8 HIGH | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2026-45456 | 8.4 HIGH | Microsoft Outlook and Word Remote Code Execution Vulnerability |
| CVE-2026-45472 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45474 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45641 | 8.4 HIGH | Windows Hyper-V Remote Code Execution Vulnerability |
Showing top 20 of 200 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Windows 11 Version 24H2
- CVE-2026-44809
Windows Common Log File System Driver Elevation of Privilege - CVE-2026-42910
Windows Hotpatch Monitoring Service Elevation of Privilege V - CVE-2026-45654
Secure Boot Security Feature Bypass Vulnerability - CVE-2026-42829
Windows Administrator Protection Secure Feature Bypass Vulne - CVE-2026-48566
Windows DWM Core Library Information Disclosure Vulnerabili
Same vendor: Microsoft
- CVE-2026-50656
Microsoft Defender Elevation of Privilege Vulnerability - CVE-2026-50511
Microsoft PC Manager Elevation of Privilege Vulnerability - CVE-2026-50512
Microsoft PC Manager Elevation of Privilege Vulnerability - CVE-2026-44813
Windows DWM Core Library Elevation of Privilege Vulnerabilit - CVE-2026-44804
Windows DWM Core Library Elevation of Privilege Vulnerabilit
Same weakness: CWE-843
- CVE-2026-12390
Access of resource using incompatible type ('type confusion' - CVE-2026-8358
Heap buffer overflow in spreadsheet tracked-changes import - CVE-2026-45635
Windows UPnP Device Host Remote Code Execution Vulnerability - CVE-2026-45641
Windows Hyper-V Remote Code Execution Vulnerability - CVE-2026-45456
Microsoft Outlook and Word Remote Code Execution Vulnerabili
V. Comments for CVE-2026-45600
No comments yet