Windows Kernel Information Disclosure Vulnerability

MonitorCVSS 5.5CVE-2026-32215Apr 14, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The Windows kernel inadvertently writes sensitive information to log files that are accessible to local users with ordinary file read permissions. An authorized local user could read these log files and discover information that should remain confidential. The vulnerability affects Windows 10 (all versions 1809–22H2), Windows 11 (all versions 23H2–26H1), Windows Server 2019, 2022, and 2025 across x64, ARM64, and 32-bit architectures.

What this means

What could happen

An attacker with local login access could read sensitive information from Windows kernel log files that should not be exposed. This could leak data about system operations, configurations, or security settings.

Who's at risk

Windows server administrators running Windows Server 2019, 2022, or 2025, and any facility using Windows 10 or 11 workstations in operational or administrative roles. This affects both standard x64, ARM64, and 32-bit systems as well as Server Core installations.

How it could be exploited

An attacker with a valid local user account on the Windows server logs in and reads kernel log files where sensitive information has been inadvertently written. No special tools or privileges are needed beyond ordinary file read access.

Prerequisites

Valid local user account on the Windows system
Local access to the system or remote login capability (RDP, SSH, etc.)
File read permissions to kernel log locations

Requires valid local credentialsLow complexity attackInformation disclosure only (no code execution)Affects log file access controls

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (23)

23 with fix

ProductAffected VersionsFix Status

Windows 11 Version 26H1 for ARM64-based SystemsAll versionsBuild 10.0.28000.1836

Windows 11 version 26H1 for x64-based SystemsAll versionsBuild 10.0.28000.1836

Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8644

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8644

Windows Server 2019All versionsBuild 10.0.17763.8644

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict file system permissions on kernel log directories to prevent unprivileged user access

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXApply April 2026 Windows security update to all Windows servers and workstations

HARDENINGReview and audit log file access controls to ensure sensitive data is not readable by standard user accounts

CVEs (1)

CVE-2026-32215

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/141d35c9-2e82-42e0-be91-b09cc69a3ed1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.