CVE-2026-33835

EUVD-2026-29582
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1809
𝑥
< 10.0.17763.8755
microsoftwindows_10_1809
𝑥
< 10.0.17763.8755
microsoftwindows_10_21h2
𝑥
< 10.0.19044.7291
microsoftwindows_10_21h2
𝑥
< 10.0.19044.7291
microsoftwindows_10_21h2
𝑥
< 10.0.19044.7291
microsoftwindows_10_22h2
𝑥
< 10.0.19045.7291
microsoftwindows_10_22h2
𝑥
< 10.0.19045.7291
microsoftwindows_10_22h2
𝑥
< 10.0.19045.7291
microsoftwindows_11_23h2
𝑥
< 10.0.22631.7079
microsoftwindows_11_23h2
𝑥
< 10.0.22631.7079
microsoftwindows_11_24h2
𝑥
< 10.0.26100.8390
microsoftwindows_11_24h2
𝑥
< 10.0.26100.8390
microsoftwindows_11_25h2
𝑥
< 10.0.26200.8390
microsoftwindows_11_25h2
𝑥
< 10.0.26200.8390
microsoftwindows_11_26h1
𝑥
< 10.0.28000.2113
microsoftwindows_11_26h1
𝑥
< 10.0.28000.2113
microsoftwindows_server_2019
𝑥
< 10.0.17763.8755
microsoftwindows_server_2022
𝑥
< 10.0.20348.5074
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.2330
microsoftwindows_server_2025
𝑥
< 10.0.26100.32772
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1809 (x64, x86)
KB5087538
21H2 (arm64, x64, x86)
KB5087544
22H2 (arm64, x64, x86)
KB5094127
Windows 11
23H2 (arm64)
KB5087420
23H2 (x64)
KB5093998
24H2 (arm64, x64)
KB5089549
25H2 (arm64, x64)
KB5089549
26H1 (arm64, x64)
KB5089548
Windows Server 2019
Server Core
KB5087538
Standard
KB5087538
Windows Server 2022
23H2 Server Core
KB5087541
Server Core
KB5087545
Standard
KB5087545
Windows Server 2025
Server Core
KB5087539
Standard
KB5087539
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33835