Description
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Published: 2026-05-12
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in Windows kernel‑mode drivers that can be triggered by a network packet. An attacker with sufficient authorization can cause the driver to execute arbitrary code in kernel mode, giving full control of the machine.

Affected Systems

Microsoft Windows Server 2025 and Windows Server 2025 Server Core are affected by this flaw.

Risk and Exploitability

With a CVSS score of 8, the flaw is considered high severity. The exploit requires the attacker to be authorized and able to send crafted traffic to the server. The EPSS is not available, and it is not listed in CISA’s KEV catalog, but the high CVSS suggests a significant risk if the vulnerability remains unpatched.

Generated by OpenCVE AI on May 12, 2026 at 19:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Microsoft security update that addresses CVE-2026-34332.
  • Configure firewall rules to limit inbound traffic to the ports required for legitimate remote management, thereby reducing the attack surface.
  • Enable detailed auditing and real‑time monitoring of kernel driver activity to detect anomalous behavior.



Advisories

No advisories yet.

History

Wed, 13 May 2026 10:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft windows Server 2025 (server Core Installation)
Vendors & Products | | Microsoft windows Server 2025 (server Core Installation)

Tue, 12 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Title | | Windows Kernel-Mode Driver Remote Code Execution Vulnerability
First Time appeared | | Microsoft; Microsoft windows Server 2025
Weaknesses | | CWE-416
CPEs | | cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft windows Server 2025
References | |
Metrics | | cvssV3_1 {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T19:15:28.522Z

Reserved: 2026-03-26T21:02:16.445Z

Link: CVE-2026-34332

Vulnrichment

Updated: 2026-05-13T09:59:30.184Z

NVD

Status: Analyzed

Published: 2026-05-12T18:17:07.127

Modified: 2026-05-14T15:25:29.693

Link: CVE-2026-34332

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:15:24Z

Weaknesses