CVE Catalog

CVE-2026-42974

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.64%

46th percentile - higher than 46% of all known CVEs

Summary

An integer overflow or wraparound vulnerability exists in the Windows Performance Monitor component. It allows an unauthenticated attacker to execute code remotely over the network.

Risk Assessment

An attacker can remotely take control of the system without authentication, leading to full compromise of data confidentiality, integrity, and availability.

Recommendation

Immediately apply the security update released by Microsoft for Windows. Restrict access to the Performance Monitor service to trusted networks only.

Original NVD description (English source)

Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS