HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-42829Published Modified CNA microsoft

CVE-2026-42829: Windows Administrator Protection Secure Feature Bypass Vulnerability

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

Metrics

CVSS v3.1
7.8
Severity
HIGH
Fixed in
10.0.26100.8655
Affected Products
3

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An improper access control flaw in Windows Administrator Protection allows a local attacker to bypass a security feature that is intended to restrict privilege elevation. The vulnerability is reached locally and requires only a low-privilege account, with no victim interaction needed, as indicated by the CVSS vector (AV:L/PR:L/UI:N). Successful exploitation gives the attacker full read, write, and availability impact on the system, effectively granting them control equivalent to an administrator. Patched-image rebuilds at versions 10.0.26100.8655, 10.0.26200.8655, and 10.0.28000.2269 are available on HarborGuard for affected environments running Windows 11 24H2, 25H2, or 26H1.

HarborGuard Coverage

Detection

Detection of CVE-2026-42829 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built Windows container images. Any image shipping an affected Windows 11 build below the fixed versions is flagged automatically in both registry scans and CI/CD pipeline checks.

Available
Triage

HarborGuard scores this CVE at 7.8 HIGH using the provided CVSS v3.1 vector and weights it against each customer environment's compliance policy to determine urgency and routing. Triage results are delivered to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild at the applicable fix version (10.0.26100.8655, 10.0.26200.8655, or 10.0.28000.2269 depending on the Windows 11 release branch) becomes available on HarborGuard once the upstream fix is confirmed. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityNot required

    The attacker needs an existing shell or process on the host; no network path to the target is required.

  • AuthenticationRequired

    Any low-privilege local account is sufficient; the attacker does not need administrator or elevated credentials to trigger the bypass.

  • Victim interactionNot required

    No user action or social engineering is needed; the attacker can execute the exploit entirely on their own.

  • Attack complexityDetail

    The exploit is reliable and condition-free, with no race conditions or special environmental setup required (AC:L).

Blast Radius

  • Reads files, secrets, and credentials that are restricted to administrator-level accounts on the host.
  • Modifies or overwrites system files, registry keys, and security configurations protected by Administrator Protection.
  • Disrupts or terminates processes and services that require elevated privileges to manage.
  • Effectively grants full administrative control over the compromised Windows 11 instance.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-42829 is active across customer environments, flagging any Windows 11 container image on an affected build within minutes of CVE publication. For environments running affected versions of Windows 11 24H2, 25H2, or 26H1, a patched-image rebuild at the corresponding fixed OS build is available. Where compliance policy permits, customers with auto-remediation enabled receive a rebuilt image, a regression-test run, and a pull request opened against affected workloads; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in those environments. Customers who manage remediation manually can use HarborGuard's triage output, including CVSS scoring and policy-weighted priority, to route the finding to the right team and track resolution through the dashboard.

See how HarborGuard automates this

Fix available

10.0.26100.865510.0.26200.865510.0.28000.2269
Patch commits
Affected packages
  • Microsoft / Windows 11 Version 24H2
    < 10.0.26100.8655 (from 10.0.26100.0)
  • Microsoft / Windows 11 Version 25H2
    < 10.0.26200.8655 (from 10.0.26200.0)
  • Microsoft / Windows 11 version 26H1
    < 10.0.28000.2269 (from 10.0.28000.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References