CVEFinder.io

CVE-2026-40397

⚠️ high
🔍 Scan for this CVE
Summary

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS Score
7.8
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.7% of all 321,566 vulnerabilities in our database.

#97,378
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-15
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-191

📦 Affected Products 15

Vendor Product Status Affected Versions
microsoft windows_server_2012 Affected
v-
microsoft windows_server_2012 Affected
vr2
microsoft windows_server_2016 Affected
< 10.0.14393.9140
microsoft windows_server_2019 Affected
< 10.0.17763.8755
microsoft windows_server_2022 Affected
< 10.0.20348.5074
microsoft windows_10_1809 Affected
< 10.0.17763.8755
microsoft windows_10_21h2 Affected
< 10.0.19044.7291
microsoft windows_10_22h2 Affected
< 10.0.19045.7291
microsoft windows_10_1607 Affected
< 10.0.14393.9140
microsoft windows_11_23h2 Affected
< 10.0.22631.7079
microsoft windows_server_2022_23h2 Affected
< 10.0.25398.2330
microsoft windows_11_24h2 Affected
< 10.0.26100.8390
microsoft windows_server_2025 Affected
< 10.0.26100.32772
microsoft windows_11_25h2 Affected
< 10.0.26200.8390
microsoft windows_11_26h1 Affected
< 10.0.28000.2113

🔗 References 1

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-21530 🔶 medium 6.7 0.1 Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32161 ⚠️ high 7.5 0.1 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Minip... 2026-05-12
CVE-2026-32170 🔶 medium 6.7 0.1 Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32209 🔶 medium 4.4 0.0 Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature l... 2026-05-12
CVE-2026-33834 ⚠️ high 7.8 0.0 Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-33837 ⚠️ high 7.8 0.1 Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. 2026-05-12
These CVEs affect the same products