Concurrent execution using a shared resource with improper synchronization creates a race condition that an authorized local attacker can exploit to upgrade privileges within the host operating system. This flaw falls under CWE‑362 and CWE‑416. An attacker who already has access to the machine can trigger the race in the Windows Subsystem for Linux, potentially causing the shell or processes to run with elevated rights, compromising system integrity and confidentiality.

Vulnerable systems include Windows 10 build 21H2 and 22H2, Windows 11 builds 23H2, 24H2, 25H2, 26H1, 22H3, and 26H1, as well as Windows Server 2022, the 23H2 Server Core edition, Windows Server 2025 and its Server Core installation. The flaw operates within the WSL component across these releases and affects both x86, x64, and ARM64 architectures.

The CVSS base score is 7, indicating high severity for local privilege escalation. EPSS is reported as <1 %, reflecting a low but non‑zero exploitation probability based on recent data. The vulnerability is not listed in the CISA KEV catalog, so no public exploits have been confirmed yet. Because the flaw requires local, authorized access and specific timing to create the race, advanced knowledge of the WSL internals and precise manipulation of concurrent processes would be needed, which limits the likelihood of widespread attacks.