cve-2026-45596

CVE-2026-45596 is a Windows Ancillary Function Driver for WinSock (afd.sys) elevation-of-privilege vulnerability disclosed by Microsoft on June 9, 2026. This local privilege escalation flaw allows an attacker with initial user access to gain SYSTEM-level privileges. Unlike remote code execution bugs, CVE-2026-45596 is not wormable but poses a significant post-compromise risk. The vulnerability resides in a kernel-adjacent networking component that handles ordinary Windows networking operations, making it a target for attackers seeking to escalate privileges after an initial foothold. Administrators should prioritize patching this vulnerability as part of regular monthly updates for Windows clients and servers.