{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32195", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.427Z", "datePublished": "2026-04-14T16:57:36.253Z", "dateUpdated": "2026-05-12T17:38:32.291Z"}, "containers": {"cna": {"title": "Windows Kernel Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.28000.0", "versionEndExcluding": "10.0.28000.1836"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 11 version 26H1", "platforms": ["ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.28000.0", "lessThan": "10.0.28000.1836", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-121: Stack-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-121"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:32.291Z"}, "references": [{"name": "Windows Kernel Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32195", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:56:22.080852Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:13:17.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32195", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:56:22.080852Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:09:12.661Z"}}], "cna": {"title": "Windows Kernel Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 11 version 26H1", "versions": [{"status": "affected", "version": "10.0.28000.0", "lessThan": "10.0.28000.1836", "versionType": "custom"}], "platforms": ["ARM64-based Systems", "x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195", "name": "Windows Kernel Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*", "vulnerable": true, "versionEndExcluding": "10.0.28000.1836", "versionStartIncluding": "10.0.28000.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:32.291Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32195", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:38:32.291Z", "dateReserved": "2026-03-11T00:26:53.427Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:36.253Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635", "versionEndExcluding": "10.0.28000.1836", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*", "matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA", "versionEndExcluding": "10.0.28000.1836", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32195", "lastModified": "2026-04-20T16:37:02.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:25.890", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32195"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["arm64-based_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.28000.0,10.0.28000.1836)"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Windows 11 version 26H1", "source": "cna", "vendor": "Microsoft"}, "product": "windows_11_26h1", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T20:42:33.638943+00:00", "value": {"mitigation_remediation": ["Update Windows\u00a011 to the latest cumulative security update that resolves the kernel stack overflow flaw", "Limit privileged account use and enforce the principle of least privilege for all users", "Regularly review Windows event logs for unusual privilege escalation attempts and related kernel activity"], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Windows\u00a011 version\u00a026H1 on arm64 processors is affected by the stack overflow flaw. No other versions or variants are listed in this entry.", "description_and_impact": "A stack\u2011based buffer overflow in the Windows kernel can be triggered by an authorized local user, allowing that user to gain higher privileges than intended. This flaw pertains to the CWE\u2011121 weakness, where improper stack handling may lead to code execution at kernel level. The vulnerability can be used to read, modify, or execute memory within the kernel, potentially compromising the entire operating system.", "risk_and_exploitability": "The CVSS score of 7 indicates a high severity risk. The EPSS score is not available, and the issue is not included in CISA's Known Exploited Vulnerabilities catalog. Exploitation requires local access to the system; an attacker with authorized privileges can trigger the buffer overflow and achieve system\u2011wide execution authority. The lack of publicly available exploits suggests that active exploitation is limited to determined internal threats able to launch the exploit locally."}}}}, "created": "2026-04-15T15:00:06.178818+00:00", "updated": "2026-04-15T21:00:09.480938+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_11_26h1"]}