Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

A race condition in the Capability Access Management Service (camsvc) lets an attacker who can already run code with local user permissions cause the service to grant higher privileges, because access to shared resources is improperly synchronized. Exploitation depends on winning a timing race; a successful attacker elevates their rights on the same machine, potentially enabling full compromise of the local account. The issue is classified as both a classic concurrency bug (CWE-362) and a classic memory safety issue (CWE-416).

Affected Systems

Microsoft Windows 11 24H2, Windows 11 25H2, Windows Server 2025 and its Server Core installation are affected. The CVE data specifically lists the ARM64 and x64 variants of Windows 11 24H2 and 25H2 and all flavors of Windows Server 2025.

Risk and Exploitability

The CVSS score of 7.0 classifies the vulnerability as High severity, and the EPSS score of < 1% indicates a low estimated probability of exploitation at this time. The vulnerability is not present in the CISA KEV catalog. The attack requires local code execution, and the provided description implies that any authorized local user can exploit it by racing the service’s lock state; no remote vectors are described. An attacker already able to run code on the system can thus raise their privileges, which could lead to system-wide compromise.

Generated by OpenCVE AI on April 16, 2026 at 08:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Microsoft’s latest cumulative update that addresses the race condition in Capability Access Management Service.
  • After updating, reboot the system or restart the camsvc service to load the patched components.
  • Enforce the principle of least privilege by limiting local accounts’ rights to run only necessary programs and restricting access to the camsvc binary and related registry keys.


Advisories

No advisories yet.

History

Fri, 16 Jan 2026 17:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft windows 11 24h2
 | | Microsoft windows 11 25h2
CPEs | | cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
 | | cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
 | | cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*
 | | cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*
Vendors & Products | | Microsoft windows 11 24h2
 | | Microsoft windows 11 25h2

Tue, 13 Jan 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
Title | | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
First Time appeared | | Microsoft
 | | Microsoft windows 11 24h2
 | | Microsoft windows 11 25h2
 | | Microsoft windows Server 2025
Weaknesses | | CWE-362
 | | CWE-416
CPEs | | cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
 | | cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
 | | cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft
 | | Microsoft windows 11 24h2
 | | Microsoft windows 11 25h2
 | | Microsoft windows Server 2025
References | |
Metrics | | cvssV3_1 {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:49:00.381Z

Reserved: 2025-12-11T21:02:05.731Z

Link: CVE-2026-21221

Vulnrichment

Updated: 2026-01-13T21:43:57.474Z

NVD

Status: Analyzed

Published: 2026-01-13T18:16:24.723

Modified: 2026-01-16T16:48:12.050

Link: CVE-2026-21221

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T08:15:29Z

Weaknesses