CVE-2026-42978: Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 10.0.17763.8880
- Affected Products: 13
HarborGuard Analysis
Synopsis
A race condition in the Windows Push Notifications component allows a locally authenticated attacker to elevate privileges on affected Windows 10 and Windows 11 systems. The attacker must already hold a low-privilege account and exploit a timing window in shared-resource synchronization to gain higher-level access. Successful exploitation gives the attacker full control over confidentiality, integrity, and availability of the host. Patched-image rebuilds at the fixed Windows versions are available on HarborGuard for environments running affected builds.
HarborGuard Coverage
Detection of CVE-2026-42978 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built Windows-based container images, in both registry scans and CI pipeline checks.
Status: Available
HarborGuard is capable of scoring this CVE at CVSS 7.8 HIGH and weighting that score against each customer environment's compliance policy to determine urgency. Triage output is routed to the appropriate team inbox within each customer organization based on configured ownership rules.
Status: Available
Patched-image rebuilds at the fixed versions (10.0.17763.8880, 10.0.19044.7417, 10.0.19045.7417, 10.0.20348.5256, and 10.0.22631.7219) are available on HarborGuard for environments running an affected build. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.
Status: Available
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network exposure is required.
- Authentication: Required
  Any low-privilege local account is sufficient; the attacker does not need administrator or elevated credentials to initiate the exploit.
- Victim interaction: Not required
  No action from another user or victim is needed; the attacker operates entirely on their own.
- Attack complexity: Detail
  Exploitation depends on winning a race condition in shared-resource access, meaning timing and environmental factors affect reliability and the exploit is not unconditionally reproducible.
Blast Radius
- A successful attacker gains full read access to protected files, credentials, secrets, and other data on the host.
- The attacker can write to or modify any file or system configuration, including security-sensitive settings and persistent data.
- The attacker can crash, disable, or otherwise disrupt any service or process on the host.
- Because the scope is changed (S:C), the attacker's elevated access can extend beyond the immediate process boundary to affect other components or services on the same host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-42978 is active across all scanning environments and will flag any image built on an affected Windows base layer. For customers with auto-remediation enabled, HarborGuard can rebuild affected images at the patched base versions, run regression tests, and open a PR against the affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. For customers who manage patching manually, HarborGuard surfaces the specific affected build version alongside the fix target in the triage dashboard so engineering teams can prioritize the update with full context.
Fix available
- Microsoft / Windows 10 Version 1809 < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2 < 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2 < 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2 < 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2 < 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1 < 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2019 < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation) < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022 < 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025 < 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation) < 10.0.26100.32995 (from 10.0.26100.0)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
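As an added example (not HarborGuard's or Microsoft's code), the check below applies the fix thresholds from the "Fix available" list to a `10.0.<build>.<revision>` string; the `client`/`server` family labels, the function names and the inventory rows are assumptions made for the example. It compares revisions numerically and reports `ambiguous` for build 26100 when the family is unknown, because Windows 11 24H2 and Windows Server 2025 share that build but list different fixed revisions.

```python
# Added example: fix thresholds transcribed from the "Fix available" list.
# "client"/"server" are labels chosen for this example, not the page's terms.
FIXED = {  # build -> {family: first fixed revision}
    17763: {"client": 8880, "server": 8880},   # Windows 10 1809, Server 2019
    19044: {"client": 7417},                   # Windows 10 21H2
    19045: {"client": 7417},                   # Windows 10 22H2
    20348: {"server": 5256},                   # Server 2022
    22631: {"client": 7219},                   # Windows 11 23H2
    26100: {"client": 8655, "server": 32995},  # Windows 11 24H2, Server 2025
    26200: {"client": 8655},                   # Windows 11 25H2
    28000: {"client": 2269},                   # Windows 11 26H1
}

def parse_version(text):
    """Split '10.0.<build>.<revision>' into integers (build, revision)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or parts[:2] != ["10", "0"] or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected 10.0.<build>.<revision>, got {text!r}")
    return int(parts[2]), int(parts[3])

def assess(version, family=None):
    """Return 'affected', 'fixed', 'ambiguous' or 'not-listed'."""
    build, revision = parse_version(version)
    fixes = FIXED.get(build)
    if fixes is None or (family is not None and family not in fixes):
        return "not-listed"
    # Compare revisions as integers: as strings, "8655" sorts after "32995".
    thresholds = [fixes[family]] if family else sorted(set(fixes.values()))
    if revision >= thresholds[-1]:
        return "fixed"
    if revision < thresholds[0]:
        return "affected"
    # Between two thresholds for one build: the product family decides.
    return "ambiguous"

if __name__ == "__main__":
    # Constructed inventory rows (host or image label, version, family).
    inventory = [
        ("build-agent-01", "10.0.17763.8879", "server"),
        ("base-image-a", "10.0.26100.8655", None),
        ("base-image-b", "10.0.26100.8655", "server"),
        ("laptop-17", "10.0.22631.7219", "client"),
    ]
    for name, version, family in inventory:
        print(f"{name:15} {version:18} {assess(version, family)}")
```

A `not-listed` result means only that the build does not appear in the list on this page, not that the system is unaffected.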