Vulnerability · NVD
CVE-2026-42978
HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Attack vector: Local
No user interaction
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.04% (exploit very unlikely), percentile 11.8%
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows, fixed in:
  - Windows Server 2025 (Server Core installation): 10.0.26100.32995
  - Windows Server 2025: 10.0.26100.32995
  - Windows Server 2022 (Server Core installation): 10.0.20348.5256
  - Windows Server 2022: 10.0.20348.5256
  - Windows Server 2019 (Server Core installation): 10.0.17763.8880
  - Windows Server 2019: 10.0.17763.8880
  - Windows 11 26H1 · 2026-H1: 10.0.28000.2269
  - Windows 11 25H2 · 2025-H2: 10.0.26200.8655
  - Windows 11 24H2 · 2024-H2: 10.0.26100.8655
  - Windows 11 23H2 · 2023-H2: 10.0.22631.7219
  - Windows 10 22H2 · 2022-H2: 10.0.19045.7417
  - Windows 10 21H2 · 2021-H2: 10.0.19044.7417
  - Windows 10 1809 · 2018-09: 10.0.17763.8880