You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026-40401
About this tag
CVE-2026-40401 is a Microsoft-disclosed Windows TCP/IP denial-of-service vulnerability rated Important. It stems from a null pointer dereference and affects supported Windows client and server releases. The May 2026 security updates remediate the flaw. Notably, while the CVSS vector classifies it as a local attack, Microsoft's FAQ indicates that a low-privilege Hyper-V guest can exploit this bug to crash the host environment, crossing guest boundaries. This transforms a routine kernel-networking fix into a virtualization availability concern, making it a significant issue for enterprise IT environments relying on Hyper-V isolation.
Microsoft disclosed CVE-2026-40401 on May 12, 2026, as an Important-rated Windows TCP/IP denial-of-service vulnerability caused by a null pointer dereference, affecting supported Windows client and server releases and remediated through the May 2026 security updates. The interesting part is not...