CVE-2026-41088

EUVD-2026-29680
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Windows Releases
Platform
Version
Windows 10
21H2 (arm64, x64, x86)
KB5087544
22H2 (arm64, x64, x86)
KB5087544
Windows 11
23H2 (arm64, x64)
KB5087420
24H2 (arm64, x64)
KB5089549
25H2 (arm64, x64)
KB5089549
26H1 (arm64, x64)
KB5089548
Windows Server 2022
23H2 Server Core
KB5087541
Server Core
KB5087545
Standard
KB5087545
Windows Server 2025
Server Core
KB5087539
Standard
KB5087539
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41088