Windows SMB Server Elevation of Privilege Vulnerability

Plan Patch7.8CVE-2026-26128Mar 10, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Windows SMB Server contains an improper authentication vulnerability that allows a locally authenticated user to elevate their privileges on the affected system. This flaw requires an existing local user account and does not require user interaction. The vulnerability affects Windows 10 (all supported versions), Windows 11 (all versions), Windows Server 2016, 2019, 2022, and 2025.

What this means

What could happen

A user with local access to a Windows machine running SMB Server could exploit this flaw to gain higher privileges, potentially allowing them to modify system files, alter process configurations, or access sensitive data on that machine.

Who's at risk

Windows IT administrators managing Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 installations should prioritize patching. This affects all organizations running these Windows versions, but carries the most operational risk for facilities with industrial PCs, SCADA workstations, or engineering computers running Windows Server for control system connectivity or data logging.

How it could be exploited

An attacker with an existing local user account on the affected Windows system can bypass authentication checks in the SMB Server component to escalate their privileges to a higher level without requiring additional credentials.

Prerequisites

Local user account on the affected Windows system
SMB Server enabled (default on most Windows installations)

Low authentication complexityLocal access required (reduces external risk)Affects widespread Windows platforms

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (27)

27 with fix

ProductAffected VersionsFix Status

Windows Server 2022All versionsBuild 10.0.20348.4893

Windows Server 2022 (Server Core installation)All versionsBuild 10.0.20348.4893

Windows 10 Version 21H2 for 32-bit SystemsAll versionsBuild 10.0.19044.7058

Windows 10 Version 21H2 for ARM64-based SystemsAll versionsBuild 10.0.19044.7058

Windows 10 Version 21H2 for x64-based SystemsAll versionsBuild 10.0.19044.7058

Remediation & Mitigation

0/2

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply the March 2026 Windows security update to your Windows 10, Windows 11, and Windows Server systems

Long-term hardening

0/1

HARDENINGRestrict local user account creation and access to only necessary personnel

CVEs (1)

CVE-2026-26128

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/23c9b470-4399-4406-a330-9f87c95248fc

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.