local privilege escalation

Microsoft disclosed CVE-2026-40419 on May 12, 2026, as an Important-rated Microsoft Office Click-To-Run elevation-of-privilege vulnerability that stems from a use-after-free flaw and can allow a locally authorized attacker to gain SYSTEM privileges after applying a successful exploit. The...

Microsoft published CVE-2026-40410 on May 12, 2026, identifying it as an Important-rated Windows SMB Client elevation-of-privilege flaw caused by use-after-free behavior, with an official fix available across supported Windows client and server releases and no public disclosure or exploitation...

Microsoft disclosed CVE-2026-40407 on May 12, 2026 as an Important Windows Common Log File System Driver elevation-of-privilege vulnerability, caused by a heap-based buffer overflow and affecting supported Windows client and server releases with updates available through the May Patch Tuesday...

Microsoft published CVE-2026-40399 on May 12, 2026, as an Important-rated Windows TCP/IP elevation-of-privilege vulnerability caused by a stack-based buffer overflow that lets a locally authorized attacker gain SYSTEM privileges after applying pressure to the vulnerable component. The phrase...

Microsoft published CVE-2026-34351 on May 12, 2026, describing an Important-rated Windows TCP/IP elevation-of-privilege flaw caused by a race condition that can let an authenticated local attacker gain SYSTEM privileges after applying the right exploit path. The vulnerability is not described as...

Microsoft disclosed CVE-2026-34345 on May 12, 2026, as an Important Windows Ancillary Function Driver for WinSock elevation-of-privilege flaw that lets a low-privileged local attacker potentially win a race condition and gain SYSTEM privileges across supported Windows client and server releases...

Microsoft disclosed CVE-2026-34330 on May 12, 2026, as an Important-rated Windows Win32k elevation-of-privilege flaw in the GRFX component that can let a locally authenticated attacker gain SYSTEM privileges after exploiting an integer overflow or wraparound weakness. The advisory is not...

Microsoft published CVE-2026-33841 on May 12, 2026, as an Important Windows Kernel elevation-of-privilege vulnerability caused by a heap-based buffer overflow that lets an authorized local attacker raise privileges on affected Windows client and server systems. The bug is not described as...

Microsoft disclosed CVE-2026-33840 on May 12, 2026 as an Important Win32k elevation-of-privilege flaw in Windows 11 and Windows Server 2025 that lets a locally authorized attacker exploit a use-after-free bug and gain SYSTEM privileges. The uncomfortable part is not the label “Important,” which...

CVE-2026-43500 is a high-severity Linux kernel vulnerability disclosed in May 2026 in the rxrpc networking subsystem, where certain fragmented socket buffers can reach in-place decryption paths without being copied away from externally owned memory, creating a local privilege-escalation risk on...

CVE-2026-43321 is a newly published Linux kernel vulnerability in the BPF verifier, disclosed through kernel.org and surfaced in Microsoft’s Security Update Guide on May 8, 2026, with a high CVSS 3.1 score of 7.8 and local, low-complexity exploitation characteristics. The bug is small in code...

Microsoft disclosed on May 8, 2026, that “Dirty Frag,” a Linux local privilege escalation vulnerability chain involving esp4, esp6, and rxrpc kernel components, is being investigated in limited active attacks that can turn low-privileged local execution into root control. The unpleasant part is...

CVE-2026-7997 is a Google Chrome for macOS vulnerability, published May 6, 2026, in which insufficient input validation in Chrome’s Updater before version 148.0.7778.96 could let a local attacker escalate privileges through a malicious file. The uncomfortable part is not that Chrome had another...

CISA added CVE-2026-31431, a Linux kernel local privilege escalation flaw known as “Copy Fail,” to its Known Exploited Vulnerabilities Catalog on May 1, 2026, after evidence of active exploitation, triggering mandatory remediation for U.S. federal civilian agencies under BOD 22-01. The move...

Windows Defender has become the center of a serious local privilege escalation story, and the uncomfortable twist is that the trusted security product is the one doing the dangerous write. According to CloudSEK’s RedSun research, a standard user can race Defender’s remediation workflow and trick...

Microsoft’s CVE-2026-32073 is the kind of Windows security advisory that makes defenders stop and re-evaluate their patch queue: it is a local elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock, better known as AFD.sys, and it is already being tracked as a...

Microsoft’s CVE-2026-32076 entry is a reminder that the most important clue in a Windows security advisory is often not the component name, but the confidence language behind it. The Microsoft Security Response Center classifies the issue as a Windows Storage Spaces Controller Elevation of...

Microsoft’s CVE-2026-32163 entry is another Windows local privilege escalation advisory where the headline matters almost as much as the missing technical detail. Microsoft classifies it as a Windows User Interface Core Elevation of Privilege Vulnerability, and the accompanying confidence...

Microsoft’s CVE-2026-32155 entry for the Desktop Window Manager (DWM) Elevation of Privilege Vulnerability is notable less for dramatic exploit details than for what Microsoft is signaling through its advisory metadata: this is a real, vendor-tracked Windows privilege boundary issue that...

Microsoft’s update guide entry for CVE-2026-32153, labeled a Windows Speech Runtime Elevation of Privilege Vulnerability, is exactly the sort of advisory that makes defenders pause even before the full technical picture is public. The description you shared highlights Microsoft’s confidence...