CVE-2026-26172
Published: 14 April 2026
Summary
CVE-2026-26172 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely remediation through vendor patches directly eliminates the race condition vulnerability in Windows Push Notifications.
Prevents unauthorized information transfer via shared system resources, directly addressing the improper synchronization exploited in this race condition.
Enforces least privilege to limit the scope and impact of local privilege escalation from low-privilege attackers exploiting the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local race condition (UAF) in Windows component directly enables privilege escalation from low-privileged local access.
NVD Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-26172 is a race condition vulnerability (CWE-362) involving concurrent execution with improper synchronization of a shared resource in the Windows Push Notifications component of Microsoft Windows, also associated with CWE-416 (use after free). Published on 2026-04-14T18:16:51.757, it carries a CVSS v3.1 base score of 7.8 (High), reflecting local vector access (AV:L), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), changed scope (S:C), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
An authorized local attacker with low privileges can exploit this vulnerability by racing concurrent operations in Windows Push Notifications, potentially leading to privilege escalation on the affected system. Exploitation demands high complexity due to the need for precise timing in the race condition but requires no user interaction once local access is obtained.
The Microsoft Security Response Center provides an update guide for CVE-2026-26172 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172, which security practitioners should consult for details on available patches and mitigation recommendations.
Details
- CWE(s)