Description
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the Windows Ancillary Function Driver for WinSock, where external control of file names or paths can be exercised. An authenticated user can manipulate file handling within the driver, enabling them to obtain elevated privileges on the local machine. This is a local privilege escalation vulnerability classified under CWE‑73, which denotes external control of a file name or path.

Affected Systems

This vulnerability impacts Microsoft Windows operating systems, including Windows 10 Version 21H2 and 22H2, Windows 11 Versions 22H3, 23H2, 24H2, 25H2, and 26H1, as well as Windows Server 2022, Windows Server 2025, and the Windows Server 23H2 Edition (Server Core installation). The affected releases span x86, x64, and ARM64 architectures.

Risk and Exploitability

The CVSS score of 7.8 reflects a high severity risk. EPSS information is not available, so the exploitation probability cannot be quantified. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local, requiring an authenticated user context; an attacker can trigger the flaw by interacting with the Ancillary Function Driver for WinSock through a process that loads the driver, thereby gaining higher privileges.

Generated by OpenCVE AI on May 12, 2026 at 20:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the Microsoft security update that resolves CVE‑2026‑41088 for the relevant Windows releases.
  • Apply the latest cumulative update for the affected Windows version to ensure the Ancillary Function Driver for WinSock is replaced with the patched driver.
  • If the update is unavailable, mitigate by restricting or disabling the network service that loads the driver through Group Policy or by removing write permissions to the driver files to prevent local privilege escalation.

Generated by OpenCVE AI on May 12, 2026 at 20:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Title Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2022
Microsoft windows Server 2025
Microsoft windows Server 23h2
Weaknesses CWE-73
CPEs cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2022
Microsoft windows Server 2025
Microsoft windows Server 23h2
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 Windows 11 24h2 Windows 11 25h2 Windows 11 26h1 Windows Server 2022 Windows Server 2025 Windows Server 23h2
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:57:12.198Z

Reserved: 2026-04-16T19:12:36.194Z

Link: CVE-2026-41088

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:20.573

Modified: 2026-05-12T18:17:20.573

Link: CVE-2026-41088

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:15:24Z

Weaknesses