Windows Kernel Memory Information Disclosure Vulnerability

Monitor | CVSS 6.1 | CVE-2026-26169 | Apr 14, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Buffer over-read in Windows Kernel Memory allows an authorized local attacker to disclose sensitive kernel information. The vulnerability exists in all versions of Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025.

What this means
What could happen
An attacker with local access to a Windows system could read sensitive kernel memory contents, potentially exposing credentials, encryption keys, or other system secrets that could be used in further attacks. This affects any HMI, engineering workstation, or Windows-based control system on your network.
Who's at risk
This affects any Windows-based system in your environment: HMI (Human Machine Interface) workstations, engineering computers, Windows Server-based historians or data servers, and any Windows system running on the control network or the corporate network. Both x64 and ARM-based systems are affected across Windows 10, 11, Server 2016, 2019, 2022, and 2025.
How it could be exploited
An attacker with a user account on a Windows system could trigger a buffer over-read in the kernel memory handler to extract sensitive data without elevated privileges. The attacker needs only local login access to execute the exploit.
Prerequisites
  • Valid user account on the Windows system (local login required)
  • Physical or remote access to log in to the machine
Low complexity | Requires valid user credentials | Affects sensitive information disclosure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix
Product | Affected Versions | Fix Status
Windows 11 Version 26H1 for ARM64-based Systems | All versions | Build 10.0.28000.1836
Windows 11 Version 26H1 for x64-based Systems | All versions | Build 10.0.28000.1836
Windows 10 Version 1809 for 32-bit Systems | All versions | Build 10.0.17763.8644
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8644
Windows Server 2019 | All versions | Build 10.0.17763.8644
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Apply the April 2026 Windows security update to all affected systems
  • HOTFIX: Prioritize patching HMI workstations and engineering computers that handle sensitive control logic or credentials
Long-term hardening
  • HARDENING: Restrict local login to Windows systems to authorized personnel only; audit and remove unnecessary user accounts
  • HARDENING: Implement multi-factor authentication for accounts that access Windows systems in the OT environment
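
An added example, not part of the original advisory or of any vendor tooling: a PowerShell check that compares a host's build string with the fix builds in the affected-products table, to confirm the April 2026 update actually landed. The function names and the sample inventory are assumptions made for illustration; only the two build branches shown in the table are covered, and any other build is reported as unknown rather than guessed.

```powershell
# Fix builds copied from the advisory's affected-products table.
# Key = OS build number, value = minimum patched update revision (UBR).
$FixedUbr = @{
    28000 = 1836   # Windows 11 Version 26H1 (ARM64 and x64)
    17763 = 8644   # Windows 10 Version 1809 and Windows Server 2019
}

# Hypothetical helper: classify one build string such as '10.0.17763.8644'.
function Test-FixedBuild {
    param([Parameter(Mandatory)][string]$Version)

    if ($Version -notmatch '^10\.0\.(\d+)\.(\d+)$') {
        return 'Unknown: unrecognised build string'
    }
    $build = [int]$Matches[1]
    $ubr   = [int]$Matches[2]

    # Never assume a fix level for a branch the table does not list.
    if (-not $FixedUbr.ContainsKey($build)) {
        return "Unknown: build $build is not in the table, check the vendor advisory"
    }
    # Cumulative updates only raise the UBR within a build branch.
    if ($ubr -ge $FixedUbr[$build]) { return 'Patched' }
    return "Vulnerable: needs 10.0.$build.$($FixedUbr[$build]) or later"
}

# Hypothetical helper: read the local host's build string from the registry.
function Get-LocalBuildString {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber,
        $cv.CurrentMinorVersionNumber, $cv.CurrentBuildNumber, $cv.UBR
}

# Check the machine this runs on.
$local = Get-LocalBuildString
'{0}: {1} -> {2}' -f $env:COMPUTERNAME, $local, (Test-FixedBuild $local)

# Constructed sample inventory (host names and builds are made up), as might
# be exported from an asset database for machines that cannot be queried live.
$inventory = @(
    [pscustomobject]@{ Name = 'hmi-01';       Version = '10.0.17763.8644' }
    [pscustomobject]@{ Name = 'eng-ws-02';    Version = '10.0.17763.7000' }
    [pscustomobject]@{ Name = 'historian-01'; Version = '10.0.20348.3000' }
)
$inventory | Select-Object Name, Version,
    @{ Name = 'Status'; Expression = { Test-FixedBuild $_.Version } }
```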