CVE-2026-42912

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2026-42912

Affected Products

Windows 10 Version 1607

Windows 10 Version 1809

Windows 10 Version 21H2

Windows 10 Version 22H2

Windows 11 Version 23H2

Windows 11 Version 24H2

Windows 11 Version 25H2

Windows 11 Version 26H1

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

Windows Server 2022

Windows Server 2025

CVE-2026-42912

Weakness Enumeration

Related Identifiers

Affected Products

References · 2