{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23761", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-15T18:42:20.938Z", "datePublished": "2026-01-22T16:17:49.527Z", "dateUpdated": "2026-05-14T02:09:25.959Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["vbvoicemeetervaio64*_win10.sys", "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys", "vbaudio_vmvaio3*.sys"], "platforms": ["Windows"], "product": "Voicemeeter (Standard)", "vendor": "VB-Audio Software", "versions": [{"lessThanOrEqual": "1.1.1.9", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["vbvoicemeetervaio64*_win10.sys", "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys", "vbaudio_vmvaio3*.sys"], "platforms": ["Windows"], "product": "Voicemeeter Banana", "vendor": "VB-Audio Software", "versions": [{"lessThanOrEqual": "2.1.1.9", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["vbvoicemeetervaio64*_win10.sys", "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys", "vbaudio_vmvaio3*.sys"], "platforms": ["Windows"], "product": "Voicemeeter Potato", "vendor": "VB-Audio Software", "versions": [{"lessThanOrEqual": "3.1.1.9", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["vbmatrixvaio64*_win10.sys"], "platforms": ["Windows"], "product": "Matrix", "vendor": "VB-Audio Software", "versions": [{"lessThanOrEqual": "1.0.2.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["vbmatrixvaio64*_win10.sys"], "platforms": ["Windows"], "product": "Matrix Coconut", "vendor": "VB-Audio Software", "versions": [{"lessThanOrEqual": "2.0.2.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:twistedmatrix:twistedweb:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.0.2.2"}]}]}], "credits": [{"lang": "en", "type": "finder", "value": "Klaus Hahnenkamp"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems."}], "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:25.959Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23761"}, {"tags": ["release-notes", "patch"], "url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"}, {"tags": ["release-notes", "patch"], "url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"}, {"tags": ["product"], "url": "https://vb-audio.com/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-improper-file-object-fscontext-initialization"}], "source": {"discovery": "UNKNOWN"}, "title": "VB-Audio Voicemeeter & Matrix Drivers DoS via Improper FILE_OBJECT FsContext Initialization", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T16:41:19.114138Z", "id": "CVE-2026-23761", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T16:41:39.558Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23761", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T16:41:19.114138Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T16:41:32.034Z"}}], "cna": {"title": "VB-Audio Voicemeeter & Matrix Drivers DoS via Improper FILE_OBJECT FsContext Initialization", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Klaus Hahnenkamp"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VB-Audio Software", "modules": ["vbvoicemeetervaio64*_win10.sys", "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys", "vbaudio_vmvaio3*.sys"], "product": "Voicemeeter (Standard)", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1.1.9"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "VB-Audio Software", "modules": ["vbvoicemeetervaio64*_win10.sys", "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys", "vbaudio_vmvaio3*.sys"], "product": "Voicemeeter Banana", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1.1.9"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "VB-Audio Software", "modules": ["vbvoicemeetervaio64*_win10.sys", "vbaudio_vmauxvaio*.sys", "vbaudio_vmvaio*.sys", "vbaudio_vmvaio3*.sys"], "product": "Voicemeeter Potato", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.1.1.9"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "VB-Audio Software", "modules": ["vbmatrixvaio64*_win10.sys"], "product": "Matrix", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.2.2"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "VB-Audio Software", "modules": ["vbmatrixvaio64*_win10.sys"], "product": "Matrix Coconut", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0.2.2"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23761", "tags": ["technical-description", "exploit"]}, {"url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574", "tags": ["release-notes", "patch"]}, {"url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527", "tags": ["release-notes", "patch"]}, {"url": "https://vb-audio.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-improper-file-object-fscontext-initialization", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.", "supportingMedia": [{"type": "text/html", "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:twistedmatrix:twistedweb:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.0.2.2"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:25.959Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23761", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:09:25.959Z", "dateReserved": "2026-01-15T18:42:20.938Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-01-22T16:17:49.527Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems."}, {"lang": "es", "value": "VB-Audio Voicemeeter, Voicemeeter Banana y Voicemeeter Potato (versiones que terminan en 1.1.1.9, 2.1.1.9 y 3.1.1.9 y anteriores, respectivamente), as\u00ed como VB-Audio Matrix y Matrix Coconut (versiones que terminan en 1.0.2.2 y 2.0.2.2 y anteriores, respectivamente), contienen una vulnerabilidad en sus controladores de audio virtuales (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys y vbaudio_vmvaio3*.sys). Cuando se abre un identificador con un valor de atributo de archivo especial, los controladores inicializan incorrectamente FILE_OBJECT->FsContext a un valor m\u00e1gico no puntero. Si las operaciones subsiguientes no son manejadas por el controlador de VB-Audio y son reenviadas a la pila de controladores de audio (por ejemplo, a trav\u00e9s de PortCls a ks.sys), el valor FsContext inv\u00e1lido puede ser desreferenciado, causando un fallo del kernel (BSoD), t\u00edpicamente SYSTEM_SERVICE_EXCEPTION con STATUS_ACCESS_VIOLATION. Esta falla permite a un usuario local sin privilegios activar una denegaci\u00f3n de servicio en sistemas Windows afectados."}], "id": "CVE-2026-23761", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:37.320", "references": [{"source": "disclosure@vulncheck.com", "url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"}, {"source": "disclosure@vulncheck.com", "url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23761"}, {"source": "disclosure@vulncheck.com", "url": "https://vb-audio.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-improper-file-object-fscontext-initialization"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:45:14.844950+00:00", "value": {"mitigation_remediation": ["Apply the latest driver update from VB\u2011Audio that corrects the FsContext initialization flaw.", "If an update is temporarily unavailable, disable or remove the vulnerable VB\u2011Audio drivers so they are not loaded into the operating system.", "Continuously monitor system event logs for kernel\u2011mode crash events related to the audio driver and apply the fix when released."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "VB\u2011Audio Software provides the affected drivers: Voicemeeter Standard, Banana, Potato and the Matrix and Matrix Coconut drivers. The vulnerable releases are those ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 for the Voicemeeter family and 1.0.2.2 and 2.0.2.2 for the Matrix family. No other vendors or versions are reported as impacted.", "description_and_impact": "The vulnerability exists in the virtual audio drivers supplied by VB\u2011Audio, including Voicemeeter Standard, Banana, Potato, Matrix, and Matrix Coconut. When a handle is opened with a specially crafted file attribute, the driver writes an invalid non\u2011pointer value into the FILE_OBJECT->FsContext field. Subsequent operations that are forwarded down the audio stack can dereference this value, causing a kernel page fault that terminates the system with a BSoD and an access violation status code. The effect is a denial\u2011of\u2011service that crashes the operating system; no confidentiality or integrity compromise is described.", "risk_and_exploitability": "The CVSS score of 6.9 indicates medium severity. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation. The vulnerability is not present in the CISA KEV catalog. Attackers must have local, non\u2011privileged access to a Windows system and the ability to open the driver with the special file attribute. The flaw results in a kernel crash, so the chief risk is service disruption rather than data compromise."}}}}, "created": "2026-01-23T16:32:20.462977+00:00", "updated": "2026-04-18T03:45:21.083380+00:00", "vendors": ["vb-audio_software", "vb-audio_software$PRODUCT$matrix", "vb-audio_software$PRODUCT$matrix_coconut", "vb-audio_software$PRODUCT$voicemeeter", "vb-audio_software$PRODUCT$voicemeeter_banana", "vb-audio_software$PRODUCT$voicemeeter_potato"]}