CVE Catalog

CVE-2026-45487

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

17th percentile - higher than 17% of all known CVEs

Summary

A TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

Risk Assessment

An attacker with appropriate permissions can exploit this vulnerability to gain higher privileges in the system, potentially leading to serious security breaches.

Recommendation

It is recommended to monitor and restrict access to the Program Compatibility Assistant service and to regularly update the system to patch this vulnerability.

Original NVD description (English source)

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS