HIGH | CVE-2026-44810 | CNA: microsoft

CVE-2026-44810: Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

Metrics

CVSS v3.1: 8.4
Severity: HIGH
Fixed in: 10.0.20348.5256
Affected Products: 8


HarborGuard Analysis

Synopsis

An improper authentication vulnerability in Windows Cryptographic Services allows a local attacker to elevate privileges without any credentials. The attacker needs only an existing foothold on the host; no network access or user interaction is required, as derived from the CVSS vector (AV:L/PR:N/UI:N). Successful exploitation gives the attacker full control over confidentiality, integrity, and availability on the affected system. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running an affected Windows build.

HarborGuard Coverage

Detection

Detection of CVE-2026-44810 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI/CD pipelines, including custom-built Windows-based container images. Any image layer carrying an affected Windows Cryptographic Services build is flagged automatically.

Status: Available

Triage

HarborGuard is capable of scoring this CVE at CVSS 8.4 (HIGH) and weighting it against each customer environment's compliance policy to determine priority. Triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

A patched-image rebuild at the applicable fix version (10.0.20348.5256 for Server 2022, 10.0.22631.7219 for Windows 11 23H2, 10.0.26100.8655 or 10.0.26100.32995 for 24H2/Server 2025, and 10.0.26200.8655 for 25H2) becomes available on HarborGuard once the upstream base image is published. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network-facing exposure is required.

  • Authentication: Not required

    No credentials or account are required to trigger the vulnerability; the attacker needs only code execution on the host.

  • Victim interaction: Not required

    No user action such as clicking a link or opening a file is needed for exploitation.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions or specific environmental configuration.

Blast Radius

  • A successful attacker can read sensitive cryptographic material, private keys, and protected system data on the host.
  • The attacker can modify cryptographic service state and persisted system configurations.
  • The attacker can crash or disable Windows Cryptographic Services, disrupting all operations that depend on it such as TLS, code signing, and certificate validation.
  • Because all three impact dimensions (C, I, A) are rated HIGH, the attacker effectively achieves full control over the compromised host's security subsystem.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any customer image containing an affected Windows Cryptographic Services build. For environments running Windows Server 2022, Windows 11 23H2, 24H2, 25H2, or Windows Server 2025 container base images, a rebuild against the corresponding fix version is available as soon as the upstream patched base image is published by Microsoft. Where compliance policy permits auto-remediation, HarborGuard can rebuild the affected image, execute a regression run, and open a pull request against impacted workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who manage their own remediation cadence receive a prioritized finding in their queue scored at CVSS 8.4 HIGH, with full affected-version ranges listed for each Windows product variant.

Fix available

  • 10.0.20348.5256
  • 10.0.22631.7219
  • 10.0.26100.8655
  • 10.0.26100.32995
  • 10.0.26200.8655
  • 10.0.28000.2269

Affected packages
  • Microsoft / Windows 11 version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 24H2
    < 10.0.26100.8655 (from 10.0.26100.0)
  • Microsoft / Windows 11 Version 25H2
    < 10.0.26200.8655 (from 10.0.26200.0)
  • Microsoft / Windows 11 version 26H1
    < 10.0.28000.2269 (from 10.0.28000.0)
  • Microsoft / Windows Server 2022
    < 10.0.20348.5256 (from 10.0.20348.0)
  • Microsoft / Windows Server 2025
    < 10.0.26100.32995 (from 10.0.26100.0)
  • Microsoft / Windows Server 2025 (Server Core installation)
    < 10.0.26100.32995 (from 10.0.26100.0)
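
The ranges above can be checked mechanically. The following is an added example, not HarborGuard's or Microsoft's code: it matches a (product, build) pair against the ranges listed on this page and shows why the product must be known, since Windows 11 24H2 and Windows Server 2025 share the 10.0.26100 branch but have different fix revisions. The inventory entries and image names are constructed for illustration.

```python
"""Added example: match Windows builds against this page's affected ranges."""

# (first affected build, first fixed build) per product, from "Affected packages".
# The page lists 23H2 twice, differing only in capitalisation; lookups are
# case-insensitive, so one entry covers both.
AFFECTED = {
    "Windows 11 Version 23H2": ("10.0.22631.0", "10.0.22631.7219"),
    "Windows 11 Version 24H2": ("10.0.26100.0", "10.0.26100.8655"),
    "Windows 11 Version 25H2": ("10.0.26200.0", "10.0.26200.8655"),
    "Windows 11 version 26H1": ("10.0.28000.0", "10.0.28000.2269"),
    "Windows Server 2022": ("10.0.20348.0", "10.0.20348.5256"),
    "Windows Server 2025": ("10.0.26100.0", "10.0.26100.32995"),
    "Windows Server 2025 (Server Core installation)": ("10.0.26100.0", "10.0.26100.32995"),
}
_BY_NAME = {name.casefold(): rng for name, rng in AFFECTED.items()}


def parse_build(text):
    """'10.0.26100.8655' -> (10, 0, 26100, 8655); compare as integers, not strings."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Windows build: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, build):
    """True when build lies in [first affected, first fixed) for that product."""
    try:
        low, fixed = _BY_NAME[product.casefold()]
    except KeyError:
        raise KeyError(f"product not listed for this CVE: {product!r}") from None
    return parse_build(low) <= parse_build(build) < parse_build(fixed)


def triage(inventory):
    """Return the names of entries whose (product, build) is affected."""
    return [name for name, product, build in inventory
            if product.casefold() in _BY_NAME and is_affected(product, build)]


# Constructed sample inventory; image names are hypothetical.
SAMPLE = [
    ("web-frontend", "Windows Server 2022", "10.0.20348.5256"),     # at fix
    ("batch-signer", "Windows Server 2025", "10.0.26100.8655"),     # below 32995
    ("dev-desktop", "Windows 11 Version 24H2", "10.0.26100.8655"),  # at fix
    ("legacy-api", "Windows 11 version 23H2", "10.0.22631.4037"),   # in range
    ("linux-sidecar", "Debian 12", "n/a"),                          # not listed
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Build 10.0.26100.8655 is the fix for Windows 11 24H2 but is still in the affected range for Windows Server 2025, and a plain string comparison would order 8655 after 32995, so both the product name and a numeric comparison are needed.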
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C