CVE Catalog
CVE-2026-42974
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.64%
46th percentile - higher than 46% of all known CVEs
Summary
An integer overflow or wraparound vulnerability exists in the Windows Performance Monitor component. It allows an unauthenticated attacker to execute code remotely over the network.
Risk Assessment
An attacker can remotely take control of the system without authentication, leading to full compromise of data confidentiality, integrity, and availability.
Recommendation
Immediately apply the security update released by Microsoft for Windows. Restrict access to the Performance Monitor service to trusted networks only.
Original NVD description (English source)
Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

