PatchSiren cyber security CVE debrief
CVE-2026-42991 Microsoft CVE debrief
CVE-2026-42991 is a HIGH-severity vulnerability (CVSS Score: 7.8) in Windows Push Notifications, allowing an authorized attacker to elevate privileges locally due to a race condition. The vulnerability was published on 2026-06-09 and last modified on 2026-06-11.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1809
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Administrators and users of affected Microsoft Windows versions should prioritize patching this vulnerability to prevent local privilege escalation attacks.
Technical summary
The vulnerability (CVE-2026-42991) is caused by a race condition in Windows Push Notifications, which allows an authorized attacker to elevate privileges locally. It has been assigned a CVSS Score of 7.8 and CVSS Severity of HIGH.
Defensive priority
High
Recommended defensive actions
- Apply patches from Microsoft as soon as possible.
- Review and update vulnerability management processes to ensure timely patching of critical vulnerabilities.
- Monitor systems for suspicious activity that could indicate exploitation attempts.
Evidence notes
The CVE-2026-42991 record was obtained from the official CVE.org and NVD databases.
Official resources
-
CVE-2026-42991 CVE record
CVE.org
-
CVE-2026-42991 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-42991 was published on 2026-06-09 and last modified on 2026-06-11.