Description
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
Published: 2026-04-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A null pointer dereference in the Windows Redirected Drive Buffering component causes a local denial of service. An attacker who is authorized to use redirected drives can trigger the flaw, causing the affected system to stop processing redirected drive requests until it is restarted.

Affected Systems

Microsoft Windows 11 version 26H1 on the ARM64 architecture is the only build affected by this vulnerability.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. Exploit probability data (EPSS) is not available and the vulnerability is not listed in the CISA KEV catalog. The flaw requires an authorized local account, limiting the attack surface to users with local privileges; if exploited, the system will experience a denial of service for redirected drive operations.

Generated by OpenCVE AI on April 14, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Microsoft Security Advisory for CVE‑2026‑32216
  • Verify that your system is running Windows 11 26H1 on ARM64
  • Apply any available cumulative or security update that addresses this vulnerability
  • If an update is not yet available, reduce user privileges that allow access to redirected drives as a temporary measure

Generated by OpenCVE AI on April 14, 2026 at 20:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 26h1
Vendors & Products Microsoft windows 11 26h1

Wed, 15 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
Title Windows Redirected Drive Buffering System Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft windows 11 26h1
Weaknesses CWE-476
CPEs cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*
Vendors & Products Microsoft
Microsoft windows 11 26h1
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 26h1 Windows 11 26h1
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:38:34.091Z

Reserved: 2026-03-11T01:49:58.660Z

Link: CVE-2026-32216

cve-icon Vulnrichment

Updated: 2026-04-15T09:09:10.161Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T18:17:28.880

Modified: 2026-04-20T14:34:43.987

Link: CVE-2026-32216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z

Weaknesses