PatchSiren cyber security CVE debrief
CVE-2026-42970 Microsoft CVE debrief
CVE-2026-42970 is a medium-severity vulnerability in Windows Push Notifications that allows an authorized attacker to disclose information locally. The vulnerability has a CVSS score of 5.5 and is classified as CWE-200. It was published on 2026-06-09T17:17:12.463Z and last modified on 2026-06-11T19:52:51.250Z.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
This vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server. Users of these systems should apply patches or mitigations as soon as possible.
Technical summary
The vulnerability is caused by the use of an uninitialized resource in Windows Push Notifications. An authorized attacker can exploit this vulnerability to disclose information locally.
Defensive priority
Medium
Recommended defensive actions
- Apply patches or mitigations provided by Microsoft as soon as possible.
- Ensure that Windows Push Notifications are properly configured and secured.
- Monitor system logs for potential exploitation attempts.
Evidence notes
The vulnerability is documented in the CVE record and NVD detail pages. Microsoft has provided a vendor advisory for this vulnerability.
Official resources
-
CVE-2026-42970 CVE record
CVE.org
-
CVE-2026-42970 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-42970 was published on 2026-06-09T17:17:12.463Z and last modified on 2026-06-11T19:52:51.250Z.