CVE-2026-54127
Windows Hyper-V Elevation of Privilege Vulnerability
Description
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
In plain language
AI Act nowThis Windows Hyper-V bug lets a local attacker raise their privileges without needing a login, but only if they can already access your Hyper-V environment—so most small businesses should check whether they run Hyper-V and update Windows.
CVE-2026-54127 is a Windows Hyper-V local elevation-of-privilege issue caused by a use-after-free weakness that can be triggered without authentication or user interaction by an attacker with local access to the Hyper-V environment.
What to do now
- Check whether the affected Windows systems (Windows 11, Windows Server 2022, Windows Server 2025) have Hyper-V enabled and are used/accessible in your environment.
- Compare your current Windows build/version to the vendor’s fixed versions for CVE-2026-54127.
- Update to the fixed version for your product: Windows 11 (10.0.26100.8875 or 10.0.28000.2525), Windows Server 2022 (10.0.20348.5386), or Windows Server 2025 (10.0.26100.33158).
- If you can’t update immediately, reduce “local access” to Hyper-V hosts (limit who can log on locally and who can reach the Hyper-V environment), and plan an expedited patch window.
CVSS Vector Breakdown
AV:LAttack VectorAC:HAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-54127 and every CVE in our database. Create a free account — no credit card required.
Create Free Account