CVE-2026-49798
Windows Kernel Elevation of Privilege Vulnerability
Description
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
In plain language
AI Act nowThis is a Windows “kernel” security bug that lets a local attacker gain higher privileges, so most small businesses should treat it as a serious patching priority even though there’s no confirmed attack report for this specific CVE.
CVE-2026-49798 is a Windows Kernel use-after-free weakness (CWE-416) that can allow an attacker with local access to execute code in kernel context and elevate privileges.
What to do now
- Check whether your Windows version matches one of the affected products (Windows 10, Windows 11, and Windows Server editions listed).
- Check for the presence of the security fix by updating Windows using your normal update process (Windows Update / your management tool) until your build is at or above the fixed version for your edition:
- Windows 10: 10.0.14393.9339 or 10.0.17763.9020 or 10.0.19044.7548 or 10.0.19045.7548
- Windows 11: 10.0.26100.8875 or 10.0.26200.8875 or 10.0.28000.2269
- Windows Server 2012: 6.2.9200.26226
- Windows Server 2012 R2: 6.3.9600.23291
- Windows Server 2016: 10.0.14393.9339
- Windows Server 2019: 10.0.17763.9020
- Windows Server 2022: 10.0.20348.5386
- If you can’t update immediately, prioritize patching on systems that are more likely to have local access from untrusted people (shared terminals, support kiosks, contractor machines).
- After updating, verify the update installed successfully and review local security logs for unusual privilege changes or unexpected administrative activity.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:CScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-49798 and every CVE in our database. Create a free account — no credit card required.
Create Free Account