PatchSiren cyber security CVE debrief
CVE-2026-40404 Microsoft CVE debrief
CVE-2026-40404 is a HIGH severity Elevation of Privilege vulnerability in the Windows Universal Disk Format File System Driver (UDFS). The vulnerability has a CVSS score of 7.8 and was published on 2026-06-09T17:17:06.240Z. The vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of affected Windows systems should apply patches to mitigate this vulnerability.
Technical summary
The vulnerability is caused by a weakness in the Windows Universal Disk Format File System Driver (UDFS). Successful exploitation of this vulnerability could allow an attacker to elevate their privileges on a vulnerable system.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches from Microsoft as soon as possible.
- See ${ref-4} for vendor advisory.
Evidence notes
The CVE record ${cve-org} and NVD detail ${nvd} provide additional information about this vulnerability.
Official resources
-
CVE-2026-40404 CVE record
CVE.org
-
CVE-2026-40404 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-40404 was published on 2026-06-09T17:17:06.240Z and modified on 2026-06-10T19:58:18.257Z.