CVE-2026-35420

EUVD-2026-29627
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.9140
microsoftwindows_server_2019
𝑥
< 10.0.17763.8755
microsoftwindows_server_2022
𝑥
< 10.0.20348.5074
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.2330
microsoftwindows_server_2025
𝑥
< 10.0.26100.32772
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows Server 2012
Server Core
KB5087470
Standard
KB5087470
Windows Server 2012 R2
Server Core
KB5087471
Standard
KB5087471
Windows Server 2016
Server Core
KB5087537
Standard
KB5087537
Windows Server 2019
Server Core
KB5087538
Standard
KB5087538
Windows Server 2022
23H2 Server Core
KB5087541
Server Core
KB5087545
Standard
KB5087545
Windows Server 2025
Server Core
KB5087539
Standard
KB5087539
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35420