HIGH | CVE-2026-45600 | CNA: microsoft

CVE-2026-45600: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 10.0.26100.8655
Affected Products: 6


HarborGuard Analysis

Synopsis

A type confusion vulnerability in the Windows Kernel-Mode Drivers component allows a locally authenticated attacker to elevate privileges on affected Windows 11 and Windows Server 2025 systems. The flaw is reached locally and requires only a low-privilege account, with no network exposure or victim interaction needed. Successful exploitation gives the attacker full control over confidentiality, integrity, and availability of the host. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-45600 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream Microsoft and NVD advisory feeds. This matching capability covers all registry images, CI/CD pipeline builds, and custom-built Windows-based container images that include affected kernel-mode driver components.

Available

Triage

Triage is available using the CVSS v3.1 base score of 7.8 (HIGH), weighted against each customer organization's compliance policy to reflect environment-specific risk tolerance. Findings are routable to the appropriate team inbox within each customer org based on asset ownership and policy configuration.

Available

Patch

Patched-image rebuilds at versions 10.0.26100.8655, 10.0.26100.32995, 10.0.26200.8655, and 10.0.28000.2269 are available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite, and open a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network-facing exposure is involved.

  • Authentication: Required

    Any low-privilege local account is sufficient; no administrative credentials are required to trigger the vulnerability.

  • Victim interaction: Not required

    The attacker can execute the exploit entirely on their own without requiring any action from another user.

  • Attack complexity: Detail

    The exploit is reliable and condition-free, with no race conditions or special environmental factors required.

Blast Radius

  • A successful attacker reads protected kernel memory, including credentials, session tokens, and sensitive process data belonging to other users or the OS.
  • The attacker writes to kernel memory or modifies privileged system structures, allowing persistent backdoors or tampering with security controls.
  • The attacker can crash or destabilize the kernel, causing the host to stop functioning and taking down all workloads running on it.
  • Because the elevation reaches kernel level, any container isolation relying solely on OS-level primitives on the same host is at risk of being bypassed.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45600 is active across the platform, matching this CVE against any customer image containing affected Windows Kernel-Mode Driver components within minutes of advisory publication. For environments running Windows 11 24H2, 25H2, 26H1, or Windows Server 2025 at vulnerable build numbers, patched-image rebuilds targeting the respective fix versions are available. Where compliance policy permits auto-remediation, HarborGuard can rebuild the image, execute a regression test run, and open a PR against affected workloads automatically; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For environments where auto-remediation is not enabled, the finding is surfaced in the HarborGuard dashboard with CVSS score, affected image list, and fix version details so that engineering teams can act immediately.


Fix available

10.0.26100.8655, 10.0.26100.32995, 10.0.26200.8655, 10.0.28000.2269

Affected packages
  • Microsoft / Windows 11 Version 24H2
    < 10.0.26100.8655 (from 10.0.26100.0)
  • Microsoft / Windows 11 Version 25H2
    < 10.0.26200.8655 (from 10.0.26200.0)
  • Microsoft / Windows 11 version 26H1
    < 10.0.28000.2269 (from 10.0.28000.0)
  • Microsoft / Windows 11 Version 26H1
    < 10.0.28000.2269 (from 1.0.0)
  • Microsoft / Windows Server 2025
    < 10.0.26100.32995 (from 10.0.26100.0)
  • Microsoft / Windows Server 2025 (Server Core installation)
    < 10.0.26100.32995 (from 10.0.26100.0)
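
An added example (not HarborGuard's matching logic or Microsoft's code): a range check built from the affected-package rows above. It compares builds numerically and gates on product, because Windows 11 24H2 and Windows Server 2025 share build 26100 but have different fix revisions; the inventory hosts and builds are constructed.

```python
# Affected ranges copied from this page: (product, first affected, first fixed).
AFFECTED = [
    ("Windows 11 Version 24H2", "10.0.26100.0", "10.0.26100.8655"),
    ("Windows 11 Version 25H2", "10.0.26200.0", "10.0.26200.8655"),
    ("Windows 11 Version 26H1", "10.0.28000.0", "10.0.28000.2269"),
    ("Windows 11 Version 26H1", "1.0.0", "10.0.28000.2269"),
    ("Windows Server 2025", "10.0.26100.0", "10.0.26100.32995"),
    ("Windows Server 2025 (Server Core installation)",
     "10.0.26100.0", "10.0.26100.32995"),
]


def parse_build(text):
    """Turn '10.0.26100.8655' into (10, 0, 26100, 8655); pad short versions."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on junk
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def fix_needed(product, build):
    """Return the fixed build if (product, build) is affected, else None."""
    version = parse_build(build)
    for name, first, fixed in AFFECTED:
        # Gate on product: build 26100 maps to two different fix revisions.
        # The page spells 26H1 with both "version" and "Version", so ignore case.
        if name.casefold() != product.strip().casefold():
            continue
        if parse_build(first) <= version < parse_build(fixed):
            return fixed
    return None  # fixed build, or a product this record does not list


def triage(inventory):
    """Map host -> fixed build for every affected row of the inventory."""
    checked = ((host, fix_needed(prod, build)) for host, prod, build in inventory)
    return {host: fixed for host, fixed in checked if fixed}


# Constructed inventory (hypothetical hosts and builds) for illustration.
SAMPLE_INVENTORY = [
    ("ws-01", "Windows 11 Version 24H2", "10.0.26100.9000"),   # past the fix
    ("srv-01", "Windows Server 2025", "10.0.26100.9000"),      # below 32995
    ("srv-02", "Windows Server 2025", "10.0.26100.32995"),     # exactly at the fix
    ("ws-02", "Windows 11 Version 25H2", "10.0.26200.8654"),   # one revision short
]
```

A plain string comparison would rank 10.0.26100.9000 above 10.0.26100.32995 and miss srv-01, which is why the revisions are compared as integers.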
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C