CVE-2026-26168
Published: 14 April 2026
Summary
CVE-2026-26168 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the race condition in the Windows Ancillary Function Driver for WinSock by applying the vendor-provided patch to prevent local privilege escalation.
Protection of information in shared system resources prevents unauthorized transfer and exploitation via race conditions from improper synchronization in concurrent executions.
Least privilege limits the impact and scope of privilege escalation even if the race condition in the kernel driver is exploited by a local attacker.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel-mode race condition (CWE-362/416) in WinSock driver directly enables exploitation for privilege escalation from low-privileged local access.
NVD Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-26168 is a race condition vulnerability stemming from concurrent execution using a shared resource with improper synchronization, classified under CWE-362 and CWE-416. It affects the Windows Ancillary Function Driver for WinSock, a kernel-mode component in Windows operating systems. The vulnerability enables an authorized local attacker to elevate privileges and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). It was published on 2026-04-14T18:16:50.607.
A low-privileged local user with authorized access to the system can exploit this race condition. Exploitation demands high attack complexity and local vector but requires no user interaction. Successful exploitation allows privilege escalation, resulting in high impacts to confidentiality, integrity, and availability, with a changed scope that amplifies the attack surface.
Microsoft's update guide provides details on mitigation for CVE-2026-26168 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26168.
Details
- CWE(s)