Windows Kernel Elevation of Privilege Vulnerability

Plan Patch | CVSS 7.8 | CVE-2026-26180 | Apr 14, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A heap-based buffer overflow in the Windows kernel allows an authorized local user to escalate their privileges to administrator level. The vulnerability requires the attacker to already have a user account and login access on the target system. Microsoft rates exploitation as less likely and has released patches for all supported Windows 10, Windows 11, and Windows Server versions (2016 through 2025).

What this means
What could happen
A user with local access to a Windows system could exploit a kernel memory issue to gain administrative privileges, potentially allowing them to modify process settings, disable security controls, or shut down operations on that machine.
Who's at risk
Any organization running Windows 10, Windows 11, or Windows Server 2016, 2019, 2022, or 2025 should apply this patch. This affects engineering workstations, SCADA servers, HMI machines, and any administrative systems running these OS versions. It is critical for facilities running Windows-based control systems or data systems that support water treatment, power distribution, or other essential services.
How it could be exploited
An attacker with a local user account on a Windows system could craft a malicious input to trigger a heap buffer overflow in the kernel, causing memory corruption that escalates their privileges to administrator level. This requires the attacker to already have login access to the machine.
Prerequisites
  • Local user account on the Windows system
  • Interactive login access (remote desktop, physical console, or shared workstation access)
Local access required | Low complexity attack | Affects IT infrastructure supporting OT operations | Patch available from vendor
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix
Product | Affected Versions | Fix Status
Windows 11 Version 26H1 for ARM64-based Systems | All versions | Build 10.0.28000.1836
Windows 11 version 26H1 for x64-based Systems | All versions | Build 10.0.28000.1836
Windows 10 Version 1809 for 32-bit Systems | All versions | Build 10.0.17763.8644
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8644
Windows Server 2019 | All versions | Build 10.0.17763.8644
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Windows Server 2016
HOTFIX: Apply the 2026-April Windows security update to all affected Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 systems
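
To confirm the update landed, each machine's build and update revision can be compared with the fix builds listed under Affected products. The script below is an added example, not part of the advisory or of Microsoft's tooling; the function names and the inventory rows are hypothetical, and it knows only the fix builds shown on this page.

```powershell
# Fix builds copied from the advisory's table (only the rows shown on the page).
$FixedBuilds = @(
    [version]'10.0.28000.1836',   # Windows 11 Version 26H1 (ARM64, x64)
    [version]'10.0.17763.8644'    # Windows 10 Version 1809, Windows Server 2019
)

# Hypothetical helper: classify one full build string such as '10.0.17763.8644'.
function Get-PatchStatus {
    param([Parameter(Mandatory)][string]$OsBuild)

    $parsed = $null
    $ok = [version]::TryParse($OsBuild, [ref]$parsed)
    # Revision is -1 when the string has fewer than four parts.
    if ((-not $ok) -or ($parsed.Revision -lt 0)) { return 'Unparseable' }

    # A fix build applies only to the same release line (major.minor.build);
    # the fourth part (UBR) is what each cumulative update raises.
    $fix = $FixedBuilds | Where-Object {
        $_.Major -eq $parsed.Major -and
        $_.Minor -eq $parsed.Minor -and
        $_.Build -eq $parsed.Build
    } | Select-Object -First 1

    if (-not $fix) { return 'NotListed' }      # look the fix build up in the full advisory
    if ($parsed.Revision -ge $fix.Revision) { return 'Patched' }
    return 'NeedsUpdate'
}

# Hypothetical helper: build string of the local machine, read from the registry.
function Get-LocalOsBuild {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Assumption: every product in the table reports 10.0 as major.minor.
    '10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
}

# Constructed inventory rows (names and builds are made up for illustration).
$inventory = @(
    [pscustomobject]@{ Computer = 'hmi-01';    OsBuild = '10.0.17763.8644' },
    [pscustomobject]@{ Computer = 'scada-02';  OsBuild = '10.0.17763.7009' },
    [pscustomobject]@{ Computer = 'eng-ws-03'; OsBuild = '10.0.28000.1836' },
    [pscustomobject]@{ Computer = 'hist-04';   OsBuild = '10.0.20348.1' },
    [pscustomobject]@{ Computer = 'old-05';    OsBuild = '17763' }
)
$inventory | Select-Object Computer, OsBuild,
    @{ Name = 'Status'; Expression = { Get-PatchStatus $_.OsBuild } }

# Check the machine the script runs on.
Get-PatchStatus (Get-LocalOsBuild)
```

A `NotListed` result means the release line is not among the rows reproduced here, not that the system is unaffected.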