The vulnerability arises from improper input validation within the Windows Hyper‑V virtualization component. An attacker with local privileges can craft a malicious payload that triggers memory corruption, leading to the execution of arbitrary code on the host. The flaw is categorized under several weaknesses, including buffer overrun, signed integer misinterpretation, and general unvalidated input handling. Successful exploitation could allow the attacker to gain elevated privileges or disrupt system operation.

The flaw affects multiple Microsoft Windows releases. It is present in Windows 10 releases from version 1607 through 22H2, Windows 11 releases from 23H2 through 26H1, and all Windows Server editions from 2016 to 2025, including core and non‑core installations. All listed versions are listed by Microsoft as vulnerable.

The vulnerability carries a CVSS score of 7.3, indicating moderate to high severity. No EPSS score is currently available, and it is not listed in the CISA KEV catalog. The likely attack vector is a local privileged user, requiring the attacker to be authenticated on the affected system or to have the ability to launch Hyper‑V. Exploitation would involve supplying crafted input to the Hyper‑V component and triggering the underlying buffer corruption. Once executed, the attacker could obtain unrestricted code execution on the host. Users with administrative privileges are at greatest risk.