PT-2026-57249 · Undefined · Undefined

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-47791

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
CVE-2026-47291: Kernel-Mode RCE in Windows HTTP.sys
A critical Remote Code Execution (RCE) vulnerability, CVE-2026-47291, has been identified and recently patched in the Windows kernel-mode HTTP protocol stack, HTTP.sys. This flaw allows remote, unauthenticated attackers to achieve denial-of-service or, in the worst case, code execution with kernel privileges.
Technical Breakdown:
  • Vulnerability: CVE-2026-47791 affects the HTTP.sys driver, which provides HTTP request parsing and SSL/TLS termination for IIS and other applications.
  • Root Cause: The vulnerability stems from invalid validation of incoming HTTP requests.
  • Exploitation: A remote, unauthenticated attacker can exploit this by sending specially crafted HTTP packets to the target system.
  • Impact: Successful exploitation can result in a denial-of-service condition or kernel-level code execution.
  • MITRE ATT&CK Mapping:
  • Initial Access: T1190 (Exploit Public-Facing Application)
  • Execution: T1059 (Command and Scripting Interpreter) - specifically via RCE with kernel privileges.
  • Impact: T1499 (Service Degradation/Denial of Service), T1068 (Exploitation for Privilege Escalation)
Defense: Given this is a recently patched vulnerability, prioritize ensuring all Windows systems, especially those running IIS or other applications that utilize HTTP.sys, are fully updated with the latest security patches from Microsoft.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-47791

Affected Products

Undefined