CVE-2026-27927
Published: 14 April 2026
Summary
CVE-2026-27927 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prevents unauthorized and unintended information transfer via shared system resources, directly mitigating the race condition from improper synchronization in Windows Projected File System.
Requires timely flaw remediation including application of vendor patches to eliminate the specific race condition and use-after-free vulnerability enabling privilege escalation.
Enforces least privilege to restrict the scope of privileges exploitable via the local privilege escalation from low-privileged access.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local race condition/Use-After-Free in Windows Projected File System directly enables local privilege escalation from low-privileged context to SYSTEM-level access.
NVD Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-27927 is a race condition vulnerability (CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization; CWE-416: Use After Free) affecting the Windows Projected File System. It arises from improper synchronization during concurrent access to shared resources, allowing an authorized local attacker to elevate privileges. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-14T18:17:03.880.
A low-privileged local user (PR:L) can exploit this issue with low attack complexity (AC:L) and no user interaction required (UI:N), requiring only local access (AV:L). Successful exploitation enables privilege escalation, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) without changing scope (S:U), potentially granting the attacker full control over the system.
Microsoft's update guide provides details on mitigation and patching for this vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27927.
Details
- CWE(s)