CVE-2026-24297

EUVD-2026-10626
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
microsoftCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Windows Releases
Platform
Version
Windows 10
1607 (x64, x86)
KB5078938
1809 (x64, x86)
KB5078752
21H2 (arm64, x64, x86)
KB5078885
22H2 (arm64, x64, x86)
KB5078885
Windows Server 2012
Server Core
KB5078775
Standard
KB5078775
Windows Server 2012 R2
Server Core
KB5078774
Standard
KB5078774
Windows Server 2016
Server Core
KB5078938
Standard
KB5078938
Windows Server 2019
Server Core
KB5078752
Standard
KB5078752
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24297