PatchSiren cyber security CVE debrief
CVE-2026-58540 Microsoft CVE debrief
CVE-2026-58540 is a HIGH severity vulnerability with a CVSS score of 7.8. It is caused by improper authorization in Windows Installer, allowing an authorized attacker to elevate privileges locally. Multiple Windows versions and server releases are affected, including Windows 10, Windows 11, and Windows Server 2012 through 2025. This vulnerability has a Local attack vector with Low complexity and privileges required, as indicated by the CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. System administrators and security teams should prioritize patching due to the high severity and local attack vector. The CVE record was published on 2026-07-14T18:18:41.377Z and has not been modified since. Microsoft has provided a patch and vendor advisory for this vulnerability.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
System administrators and security teams responsible for Windows infrastructure should be aware of this vulnerability. Given the high severity and local attack vector, prioritizing patching for this CVE is recommended.
Technical summary
The vulnerability is caused by improper authorization in Windows Installer. An authorized attacker can exploit this vulnerability to elevate privileges locally. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a Local attack vector with Low complexity and privileges required. The vulnerability affects multiple Windows versions, including Windows 10 1607, 1809, 21H2, 22H2, 24H2, 25H2, 26H1, and Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025.
Defensive priority
High priority due to local attack vector and high severity
Recommended defensive actions
- Apply patches from Microsoft as soon as possible
- Review and update inventory of Windows systems
- Implement compensating controls such as strict access controls and monitoring
- Verify and enforce secure configuration for Windows Installer
Evidence notes
The CVE record was published on 2026-07-14T18:18:41.377Z and has not been modified since. The NVD entry is currently Analyzed. Microsoft has provided a patch and vendor advisory for this vulnerability.
Official resources
-
CVE-2026-58540 CVE record
CVE.org
-
CVE-2026-58540 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:41.377Z and has not been modified since.