Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Audio Service allows an authorized attacker to elevate privileges locally.
History

Wed, 15 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
Description Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Audio Service allows an authorized attacker to elevate privileges locally.
Title Windows Audio Service Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Weaknesses CWE-362
CWE-416
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-07-14T17:06:31.359Z

Updated: 2026-07-15T22:24:19.247Z

Reserved: 2026-06-04T18:57:47.376Z

Link: CVE-2026-50440

cve-icon Vulnrichment

Updated: 2026-07-14T19:21:30.519Z

cve-icon NVD

No data.

cve-icon Redhat

No data.