CVE-2026-45642

CVSS v3.1

3.9

Low

Vector

AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-45642

Affected Products

Windows 10 Version 1607

Windows 10 Version 1809

Windows 10 Version 21H2

Windows 10 Version 22H2

Windows 11 Version 23H2

Windows 11 Version 24H2

Windows 11 Version 25H2

Windows 11 Version 26H1

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

Windows Server 2022

Windows Server 2025

CVE-2026-45642

Weakness Enumeration

Related Identifiers

Affected Products

References · 2