CVE-2026-23674 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
microsoft	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Windows Releases

Platform

Version

Windows 10

1607 (x64, x86)	KB5078938
1809 (x64, x86)	KB5078752
21H2 (arm64, x64, x86)	KB5078885
22H2 (arm64, x64, x86)	KB5078885

Windows 11

23H2 (arm64, x64)	KB5078883
24H2 (arm64, x64)	KB5079420
25H2 (arm64, x64)	KB5079420
26H1 (arm64, x64)	KB5079466

Windows Server 2012

Server Core	KB5078738
Server Core	KB5078775
Standard	KB5078738
Standard	KB5078775

Windows Server 2012 R2

Server Core	KB5078738
Server Core	KB5078774
Standard	KB5078738
Standard	KB5078774

Windows Server 2016

Server Core	KB5078938
Standard	KB5078938

Windows Server 2019

Server Core	KB5078752
Standard	KB5078752

Windows Server 2022

23H2 Server Core	KB5078734
Server Core	KB5078737
Standard	KB5078737

Windows Server 2025

Server Core	KB5078736
Standard	KB5078736

Common Weakness Enumeration

CWE-41 - Improper Resolution of Path Equivalence
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

Vulnerability Media Exposure

[GERMAN] 93 Schwachstellen in Windows, Office, Azure und Serverkomponenten
Microsoft korrigiert im März 2026 insgesamt 83 neue CVEs in Windows, Office, Azure, SQL Server, Hyper-V, ReFS und weiteren Komponenten. Einschließlich Chromium- und Drittanbieterkomponenten steigt die Gesamtzahl auf 93 Einträge.
Published: 2026-03-11T07:37:00+01:00

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23674