CVE-2026-23671

EUVD-2026-10592
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7 HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Windows Releases
Platform
Version
Windows 10
1607 (x64, x86)
KB5078938
1809 (x64, x86)
KB5078752
21H2 (arm64, x64, x86)
KB5078885
22H2 (arm64, x64, x86)
KB5078885
Windows 11
23H2 (arm64, x64)
KB5078883
24H2 (arm64, x64)
KB5079420
25H2 (arm64, x64)
KB5079420
26H1 (arm64, x64)
KB5079466
Windows Server 2016
Server Core
KB5078938
Standard
KB5078938
Windows Server 2019
Server Core
KB5078752
Standard
KB5078752
Windows Server 2022
23H2 Server Core
KB5078734
Server Core
KB5078737
Standard
KB5078737
Windows Server 2025
Server Core
KB5078736
Standard
KB5078736
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23671