A heap‑based buffer overflow exists in Windows Hyper‑V that allows an authorized user to run arbitrary code on the host machine. The flaw arises when Hyper‑V processes certain heap allocations, leading to uncontrolled overwrite of adjacent memory. Successful exploitation could compromise the integrity and confidentiality of the host operating system and any VMs running on it, granting an attacker the privileges of the Hyper‑V service. This escalation can affect system stability, data integrity, and overall availability.

The vulnerability is present in Microsoft Windows 10 versions 1607, 1809, 21H2, 22H2, as well as Windows 11 editions 23H2, 24H2, 25H2, 26H1, 22H3, and 26H1. It also affects Windows Server 2016, 2016 Server Core, 2019, 2019 Server Core, 2022, 2022 Server Core 23H2, 2025, and 2025 Server Core. All these systems run the Hyper‑V hypervisor component and are susceptible when the vulnerable code path is exercised.

The CVSS base score of 7.3 indicates a high impact potential, while the EPSS score of less than 1% reflects a very low probability of exploitation as of the latest analysis. The flaw is not listed in the CISA KEV catalog, suggesting no widespread or proven exploit activity. The attack vector is inferred to be local, requiring an authorized attacker with access to the Hyper‑V host or privileged credentials. Exploitation would likely involve triggering the heap corruption through a carefully crafted input to the Hyper‑V service, resulting in arbitrary code execution on the host. Due to the privileged nature of the vulnerability, containment is critical even while the risk of remote compromise remains low.