cve 2026 42972

CVE-2026-42972 is a Microsoft-disclosed Hyper-V information disclosure vulnerability affecting supported Windows client and server releases. Disclosed on June 9, 2026, as part of Patch Tuesday, this medium-severity flaw requires local authorized access rather than remote unauthenticated exploitation. While not the most critical bug in the update cycle, Hyper-V serves as a privileged boundary where information disclosure can still have significant security implications. Administrators are advised to patch hosts promptly, understand the boundary at stake, and treat sparse vendor details as part of the risk model. This tag covers discussions and guidance around CVE-2026-42972 for Windows administrators managing Hyper-V environments.