Impact
An integer overflow or wraparound flaw exists in the Windows Storage Spaces Controller module that allows a logged-on user with local access to elevate privileges. The vulnerability is caused by unchecked arithmetic that can corrupt critical internal data structures used when managing virtual storage pools. Exploitation of this flaw could let a non-administrative user gain the rights of an administrator or the local SYSTEM account, compromising the confidentiality, integrity, and availability of local resources.
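The bug class described above, a size computation that wraps and leaves a data structure claiming more capacity than was actually allocated, is illustrated by the following added example. It is constructed for this page and is not Storage Spaces code: the `extent_table` type, its field names, and the 64 MiB cap are assumptions chosen to show the vulnerable pattern beside its hardened form.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed illustration: a table of fixed-size entries whose byte size is
   derived from caller-controlled values. The struct and names are hypothetical. */
typedef struct {
    uint32_t count;       /* entries the table claims to hold */
    uint32_t entry_size;  /* bytes per entry */
    uint32_t alloc_bytes; /* bytes actually allocated */
    uint8_t *data;
} extent_table;

/* Vulnerable pattern: the 32-bit product wraps modulo 2^32, so a large count
   yields a tiny buffer while 'count' still records the large capacity. Any
   later write indexed up to 'count' runs past the buffer and corrupts whatever
   lives next to it, which is the corruption path the advisory describes. */
int extent_table_init_unchecked(extent_table *t, uint32_t count, uint32_t entry_size)
{
    uint32_t bytes = count * entry_size;  /* unchecked arithmetic */
    t->data = calloc(1, bytes ? bytes : 1);
    if (!t->data) return -1;
    t->count = count;
    t->entry_size = entry_size;
    t->alloc_bytes = bytes;
    return 0;
}

/* Hardened pattern: reject the request when the multiplication overflows or
   the result exceeds a sane upper bound (the bound here is an assumption). */
#define MAX_TABLE_BYTES (64u * 1024u * 1024u)

int extent_table_init_checked(extent_table *t, uint32_t count, uint32_t entry_size)
{
    uint32_t bytes;
    if (__builtin_mul_overflow(count, entry_size, &bytes)) return -2; /* wrapped */
    if (bytes == 0 || bytes > MAX_TABLE_BYTES) return -2;            /* out of policy */
    t->data = calloc(1, bytes);
    if (!t->data) return -1;
    t->count = count;
    t->entry_size = entry_size;
    t->alloc_bytes = bytes;
    return 0;
}

/* Returns nonzero when count * entry_size does not fit in 32 bits. */
int size_calc_wraps(uint32_t count, uint32_t entry_size)
{
    uint32_t tmp;
    return __builtin_mul_overflow(count, entry_size, &tmp) ? 1 : 0;
}

/* Demonstrates the capacity mismatch without touching memory out of bounds:
   returns 1 if the unchecked path produced a buffer smaller than the table
   claims to hold, 0 otherwise. */
int unchecked_capacity_mismatch(uint32_t count, uint32_t entry_size)
{
    extent_table t;
    if (extent_table_init_unchecked(&t, count, entry_size) != 0) return -1;
    uint64_t claimed = (uint64_t)t.count * (uint64_t)t.entry_size;
    int mismatch = claimed > (uint64_t)t.alloc_bytes;
    free(t.data);
    return mismatch;
}

int main(void)
{
    /* 0x40000001 * 4 = 0x100000004, which wraps to 4 in 32 bits. */
    uint32_t count = 0x40000001u, entry_size = 4u;
    extent_table t;
    printf("wraps: %d\n", size_calc_wraps(count, entry_size));
    printf("unchecked mismatch: %d\n", unchecked_capacity_mismatch(count, entry_size));
    printf("checked init rc: %d\n", extent_table_init_checked(&t, count, entry_size));
    return 0;
}
```

The checked variant fails closed on the same input that the unchecked variant silently accepts; in a kernel component, that rejection is the difference between a refused request and a corrupted pool descriptor that an unprivileged caller can steer.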
Affected Systems
The flaw affects a wide range of Windows operating systems, including Windows 10 starting with version 1607 and all subsequent releases up through 25H2, Windows 11 from 23H2 through 26H1, and several versions of Windows Server from Server 2012 R2 through Server 2025. Any installation that has the Storage Spaces feature enabled or any component that processes storage space requests is potentially vulnerable.
Risk and Exploitability
With a CVSS score of 7.8, this weakness is rated as a high-severity local privilege escalation. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation yet. However, because the flaw permits an attacker who already holds local logon rights to obtain administrative privileges, the risk is high in environments where privileged access is not tightly monitored or where Storage Spaces is used for critical data storage.
OpenCVE Enrichment