This vulnerability is a use‑after‑free flaw in the Windows Projected File System component. The defect enables an authorized attacker to execute a crafted sequence of file‑system operations that affects kernel memory, thereby allowing the attacker to increase the privileges they hold on the local machine. The primary impact is a local privilege escalation, where a user who can run code on the affected system can gain higher privileges than intended.

Affected versions include Microsoft Windows 10 (1809, 21H2, 22H2), Windows 11 (22H3, 23H2, 24H2, 25H2, 26H1), and Microsoft Windows Server 2019, 2022, 2025, including their Server Core installations. All supported architectures are impacted.

The CVSS score of 7.0 reflects moderate to high severity. EPSS information is not available, so the likelihood of exploitation in the wild cannot be determined from the public data. The vulnerability is not listed in the CISA KEV catalog, indicating no reported active exploitation. However, the flaw can only be triggered by an attacker who already has local access or authorized user privileges on the system.