CVE Catalog

CVE-2026-42912

HighCVSS 7.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

In Windows Telephony Service, there is a concurrent execution issue using shared resources with improper synchronization, leading to a race condition. This allows an authorized attacker to elevate privileges locally.

Risk Assessment

An attacker with local access could exploit this vulnerability to gain higher privileges, potentially leading to unauthorized access to the system and data.

Recommendation

It is recommended to update the operating system to the latest version to patch this vulnerability and to monitor system access for potential exploitation attempts.

Original NVD description (English source)

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS