cve-2026-34332

CVE-2026-34332 is a Windows Kernel-Mode Driver remote code execution vulnerability disclosed by Microsoft on May 12, 2026. It affects Windows Server 2025 and Server Core, with a CVSS 3.1 base score of 8.0. The vulnerability is fixed by KB5087539 or hotpatch KB5087423. The issue involves network storage and kernel memory safety, specifically related to NVMe-oF. While Microsoft assesses exploitation as unlikely, the advisory provides enough technical detail to warrant attention from administrators running Windows Server 2025 in modern storage environments. This tag covers discussions about the vulnerability, its impact, and mitigation steps.