cve-2026-42969

CVE-2026-42969 is a medium-severity information disclosure vulnerability in Windows Push Notifications, disclosed by Microsoft in the June 2026 Patch Tuesday update. The flaw affects supported Windows 10, Windows 11, and Windows Server releases. It is a local vulnerability, meaning an attacker must already have authorized access to the system to exploit it, rather than being remotely exploitable. While not a headline-grabbing bug, it highlights how sensitive system state information can be exposed through background Windows services. Administrators should apply the June 2026 security update to mitigate this risk.