CVE Catalog

CVE-2026-42907

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.82%

53th percentile - higher than 53% of all known CVEs

Summary

A vulnerability in Windows Shell allows an unauthorized actor to disclose sensitive information over the network. The attacker must be authenticated to exploit this flaw.

Risk Assessment

The organization is at risk of confidential data leakage, which could be intercepted by an authenticated attacker on the internal or external network.

Recommendation

Apply the security update provided by Microsoft in the monthly cumulative patch rollup immediately.

Original NVD description (English source)

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS