cve-2026-42978

CVE-2026-42978 is an Important-rated elevation-of-privilege vulnerability in Windows Push Notifications, disclosed by Microsoft on June 9, 2026. The flaw allows a local, low-privilege attacker to exploit a race condition and gain SYSTEM privileges. It affects supported Windows 10, Windows 11, and Windows Server releases. Patches are available through the June 2026 security updates. While not a remote-code-execution vulnerability and considered unlikely to be exploited, the local privilege escalation vector is a common concern for enterprise IT and security teams. Discussions on WindowsForum highlight the practical importance of such bugs in real networks despite their lower severity rating.