{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-42989/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-10T17:55:04.870Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-42989","@id":"https://www.cve.org/CVERecord?id=CVE-2026-42989","description":"Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally."},"products":[{"@id":"cpe:2.3:a:microsoft:windows_10_version_1607:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_10_version_1607:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_10_version_1809:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_10_version_1809:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_10_version_21h2:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_10_version_21h2:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_10_version_22h2:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_10_version_22h2:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_11_version_23h2:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_11_version_23h2:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_11_version_24h2:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_11_version_24h2:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_11_version_25h2:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_11_version_25h2:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_11_version_26h1:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_11_version_26h1:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2012:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2012:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2012_\\(server_core_installation\\):*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2012_\\(server_core_installation\\):*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2012_r2:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2012_r2:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2012_r2_\\(server_core_installation\\):*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2012_r2_\\(server_core_installation\\):*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2016_\\(server_core_installation\\):*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2016_\\(server_core_installation\\):*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2019_\\(server_core_installation\\):*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2019_\\(server_core_installation\\):*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2022:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2025:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:microsoft:windows_server_2025_\\(server_core_installation\\):*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:microsoft:windows_server_2025_\\(server_core_installation\\):*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 6.2.9200.26132, 6.3.9600.23228, 10.0.14393.9234, 10.0.17763.8880, 10.0.19044.7417, 10.0.19045.7417, 10.0.20348.5256, 10.0.22631.7219, 10.0.26100.8655, 10.0.26100.32995, 10.0.26200.8655, 10.0.28000.2269.","timestamp":"2026-06-10T17:55:04.870Z"}]}