CVE-2026-25176
Published: 10 March 2026
Summary
CVE-2026-25176 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-25176 is an improper access control vulnerability (CWE-284) in the Windows Ancillary Function Driver for WinSock. Published on 2026-03-10, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects Windows systems utilizing this driver component.
The vulnerability enables a local attacker with low privileges to exploit improper access controls, requiring low attack complexity and no user interaction. Successful exploitation allows privilege escalation, resulting in high impacts to confidentiality, integrity, and availability on the targeted system.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25176 provides details on mitigation and patching for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10646
Vulnerability details
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local improper access control vulnerability in Windows driver directly enables exploitation for privilege escalation from low-privileged context.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the improper access control flaw in the Windows Ancillary Function Driver for WinSock through timely patching as specified in Microsoft's update guide.
Requires enforcement mechanisms for approved authorizations, addressing the core improper access control enabling local privilege escalation.
Enforces least privilege to limit the scope and impact of exploitation by a low-privileged local attacker seeking escalation.