cve 2026 42911

CVE-2026-42911 is a Microsoft-acknowledged elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), rated Important with a CVSS 3.1 base score of 7.0. Published on June 9, 2026, as part of Patch Tuesday, this flaw affects supported Windows client and server releases. While not a remote code execution bug, it represents a kernel-adjacent weakness that attackers can pair with other exploits to achieve local privilege escalation, making it a critical component in post-compromise scenarios. Discussions on WindowsForum emphasize that patching CVE-2026-42911 is essential for hardening systems against intrusions that rely on privilege escalation to become persistent.