CVE-2024-26226
Published: 09 April 2024
Summary
CVE-2024-26226 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 7.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-26226 is an information disclosure vulnerability affecting the Windows Distributed File System (DFS) component. It carries a CVSS 3.1 base score of 6.5 and is associated with CWE-125. The flaw permits unauthorized exposure of sensitive data under the listed access conditions.
An attacker with low privileges can exploit the issue remotely over a network connection without requiring user interaction, resulting in high confidentiality impact while leaving integrity and availability unaffected.
Microsoft publishes mitigation details and patch information for the vulnerability in its Security Response Center advisory at the referenced URL. The associated EPSS score has remained flat at 0.0821 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-23502
Vulnerability details
Windows Distributed File System (DFS) Information Disclosure Vulnerability
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.