CVEFinder.io

CVE-2026-34345

⚠️ high
🔍 Scan for this CVE
Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS Score
7.0
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 52.0% of all 321,566 vulnerabilities in our database.

#154,377
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 7, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-362 CWE-416

📦 Affected Products 13

Vendor Product Status Affected Versions
microsoft windows_server_2016 Affected
< 10.0.14393.9140
microsoft windows_server_2019 Affected
< 10.0.17763.8755
microsoft windows_server_2022 Affected
< 10.0.20348.5074
microsoft windows_10_1809 Affected
< 10.0.17763.8755
microsoft windows_10_21h2 Affected
< 10.0.19044.7291
microsoft windows_10_22h2 Affected
< 10.0.19045.7291
microsoft windows_10_1607 Affected
< 10.0.14393.9140
microsoft windows_11_23h2 Affected
< 10.0.22631.7079
microsoft windows_server_2022_23h2 Affected
< 10.0.25398.2330
microsoft windows_11_24h2 Affected
< 10.0.26100.8390
microsoft windows_server_2025 Affected
< 10.0.26100.32772
microsoft windows_11_25h2 Affected
< 10.0.26200.8390
microsoft windows_11_26h1 Affected
< 10.0.28000.2113

🔗 References 1

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-21530 🔶 medium 6.7 0.1 Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32161 ⚠️ high 7.5 0.1 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Minip... 2026-05-12
CVE-2026-32170 🔶 medium 6.7 0.1 Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32209 🔶 medium 4.4 0.0 Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature l... 2026-05-12
CVE-2026-33834 ⚠️ high 7.8 0.0 Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-33837 ⚠️ high 7.8 0.1 Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. 2026-05-12
These CVEs affect the same products