PatchSiren cyber security CVE debrief

CVE-2026-26128 Microsoft CVE debrief

CVE-2026-26128 is a high-severity local privilege escalation vulnerability in Windows SMB Server, published 2026-03-10 and last modified 2026-05-26. The vulnerability stems from improper authentication (CWE-287) and allows an authorized attacker with local access to elevate privileges. The CVSS 3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability with low attack complexity. Affected products span multiple Windows client and server versions including Windows 10 (1607 through 22H2), Windows 11 (23H2 through 26H1), Windows Server 2012/R2, Windows Server 2016, 2019, 2022, 2022 23H2, and Windows Server 2025. Microsoft has issued a vendor advisory addressing this vulnerability. Third-party detection and mitigation scripts are also available. Organizations should prioritize patching based on the extensive affected product list and the high severity rating.

Vendor: Microsoft
Product: Windows 10 Version 1607
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-05-26
Advisory published: 2026-03-10
Advisory updated: 2026-05-26

Who should care

System administrators managing Windows SMB Server deployments, security teams responsible for Windows patch management, and organizations with shared workstation or multi-user server environments where local privilege escalation poses significant risk.

Technical summary

Improper authentication in Windows SMB Server enables local privilege escalation. Attack vector is local with low complexity, requiring low privileges and no user interaction. Successful exploitation grants high impact across confidentiality, integrity, and availability. Affects broad Windows client and server portfolio with specific patch version boundaries identified per CPE criteria.

Defensive priority

high

Recommended defensive actions

Apply Microsoft security updates for affected Windows versions per the vendor advisory
Review and deploy available detection scripts to identify potential exploitation attempts
Implement available mitigation scripts as interim protection where patching is delayed
Prioritize patching on systems where local user accounts have elevated privileges
Monitor for anomalous privilege escalation activity on SMB Server endpoints

Evidence notes

CVE published 2026-03-10; modified 2026-05-26. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Weakness: CWE-287 (Improper Authentication). Affected versions identified via NVD CPE criteria. Microsoft vendor advisory confirmed.

Official resources

CVE-2026-26128 CVE record
CVE.org
CVE-2026-26128 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Vendor Advisory
Source reference
af854a3a-2127-422b-91ae-364da2661108
Source reference
af854a3a-2127-422b-91ae-364da2661108

2026-03-10