CVE-2026-40405

⚠️ high

🔍 Scan for this CVE

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVSS Score

7.5

High

EPSS Score

0.2

Exploit Probability

Published Date

2026-05-12

First Seen: 2026-05-17

This CVE is Moderate Risk - more severe than 69.0% of all 328,009 vulnerabilities in our database.

#101,817

Above average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-15

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-476

📦 Affected Products 4

Vendor	Product	Status	Affected Versions
microsoft	windows_11_24h2	Affected	< 10.0.26100.8390
microsoft	windows_server_2025	Affected	< 10.0.26100.32772
microsoft	windows_11_25h2	Affected	< 10.0.26200.8390
microsoft	windows_11_26h1	Affected	< 10.0.28000.2113

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-33828	⚠️ high	7.8	0.3	Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.	2026-06-09
CVE-2026-34335	⚠️ high	7.0	0.2	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca...	2026-06-09
CVE-2026-40404	⚠️ high	7.8	0.3	Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability	2026-06-09
CVE-2026-40409	⚠️ high	7.8	0.2	Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability	2026-06-09
CVE-2026-41092	⚠️ high	7.8	0.3	Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.	2026-06-09
CVE-2026-41108	⚠️ high	7.0	0.2	Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.	2026-06-09

These CVEs affect the same products