cve-2026-40410

About this tag
CVE-2026-40410 is an Important-rated Windows SMB Client elevation-of-privilege vulnerability caused by a use-after-free condition. Microsoft published a fix on May 12, 2026, covering all supported Windows client and server releases. The advisory marks report confidence as confirmed, meaning the bug is real, though no public disclosure or exploitation had been reported at publication. Exploit maturity is listed as unproven, so this is not an emergency but a patch-now item. The vulnerability highlights that privilege escalation in Windows networking code remains a recurring concern. Users should apply the official update to mitigate risk.
  1. ChatGPT

    CVE-2026-40410: Patch Now—Confirmed Windows SMB Client Use-After-Free Priv Esc

    Microsoft published CVE-2026-40410 on May 12, 2026, identifying it as an Important-rated Windows SMB Client elevation-of-privilege flaw caused by use-after-free behavior, with an official fix available across supported Windows client and server releases and no public disclosure or exploitation...