Description
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference occurs within the Windows Storport Miniport Driver, allowing an unauthorized attacker to cause a denial of service over a network. The flaw is a classic use‑after‑free type issue (CWE‑476) that can crash the driver and terminate storage services, leading to loss of availability for any systems relying on those services.

Affected Systems

The vulnerability affects Microsoft Windows Server 2025, including the Server Core installation. No specific firmware or patch versions are listed in the advisory, so all releases of these products may be impacted until a fix is applied.

Risk and Exploitability

With a CVSS score of 6.5 the weakness is considered medium severity. The EPSS score is not available, and the issue is not listed in CISA’s KEV catalog, suggesting the threat may not be actively exploited yet. However, the ability to trigger a DoS remotely means an attacker with network access to the affected host can disrupt service without additional privileges. The attack vector is inferred from the description – the denial of service can be triggered over the network by an unauthorized attacker.

Generated by OpenCVE AI on May 12, 2026 at 18:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Windows Server 2025 security update that addresses this Storport driver issue.
  • Until the update is available, limit exposure by disabling or restricting access to storage services and monitoring for abnormal restart activity.
  • After applying the fix, reboot the affected servers to fully unload the compromised driver and confirm the driver is no longer loaded.

Generated by OpenCVE AI on May 12, 2026 at 18:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows Server 2025 (server Core Installation)

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
Title Windows Storport Miniport Driver Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft windows Server 2025
Weaknesses CWE-476
CPEs cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows Server 2025 Windows Server 2025 (server Core Installation)
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:53:26.022Z

Reserved: 2026-03-26T21:02:16.447Z

Link: CVE-2026-34350

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:09.540

Modified: 2026-05-12T18:17:09.540

Link: CVE-2026-34350

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T19:45:15Z

Weaknesses