CVE-2026-40402

CRITICAL9.3JSON export Create alert

Description

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Windows 11 version 23H210.0.22631.0 – 10.0.22631.7079
Microsoft / Windows 11 version 23H210.0.22631.0 – 10.0.22631.7219
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.5139

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40402