cve-2026-42977

CVE-2026-42977 is a high-severity local privilege escalation vulnerability in Windows Push Notifications, disclosed by Microsoft on June 9, 2026. The flaw is a race condition that requires an attacker to already have local access. It affects supported Windows 10, Windows 11, and Windows Server releases. Discussions on WindowsForum highlight that while it is not as widely publicized as remote-code-execution bugs, it expands the trusted attack surface of the operating system. Defenders should treat it as part of the OS's security perimeter. The tag covers the vulnerability's disclosure, impact, and mitigation discussions within the Windows community.