RegPwn Vulnerability in Windows Accessibility

MDSec's research describes RegPwn (CVE-2026-24291), a privilege escalation vulnerability affecting Windows 10/11 and Windows Server 2012–2025. The flaw originates in the way Accessibility mechanisms handle parameters: insecure registry permissions allowed a local user to overwrite values and execute arbitrary code with SYSTEM privileges.
The exploit was previously kept private and had been used in Red Team engagements since January 2025. Microsoft addressed the vulnerability in the March 2026 Patch Tuesday update. Although exploitation requires local access, it results in full system compromise.

Vulnerabilities: CVE-2026-24291 (7.8)
Researchers: James Forshaw
Vendors: Microsoft
Products: Windows 10, Windows 11, Windows Server 2012, Windows Server 2025
Published: 2026-03-23, 11:06