A use‑after‑free flaw in the Windows Cloud Files Mini Filter Driver allows a local attacker who has authorized access to the system to manipulate kernel memory and gain elevated privileges. The vulnerability is categorized as CWE‑416, indicating an improper use of a freed resource. If successfully exploited, an attacker could execute code with higher privileges than the user account, potentially compromising system integrity, installing malware, or tampering with system files.

Microsoft Windows 10 versions 1809, 21H2, and 22H2; Microsoft Windows 11 versions 23H2, 24H2, 25H2, 22H3, and 26H1; Microsoft Windows Server 2019 (including Server Core), Windows Server 2022, and Windows Server 2025 environments. The vulnerability is present in both standard and Server Core installations.

The CVSS score of 7.8 indicates a high severity for this local privilege escalation. The EPSS score is not available, but the absence of a KEV listing does not diminish the risk, especially given the use‑after‑free nature of the flaw. The likely attack vector is a local user with the ability to run applications that interact with the Cloud Files filter; such an attacker can trigger the free‑use condition through crafted file operations. If exploited, the attacker gains the privileges of the compromised user or potentially system-level rights, enabling further lateral movement or persistence. High confidence that the flaw is exploitable in real environments with available techniques.