The vulnerability is a heap-based buffer overflow in the Windows TCP/IP stack. An attacker who can send specially crafted network packets from an adjacent network could overflow a heap buffer, leading to arbitrary memory writes. This flaw can be exploited to gain elevated privileges on the host, allowing the attacker to execute tasks with higher privileges than their original context. The weakness is mapped to CWE‑122, indicating improper handling of memory allocation.

Affected systems include Microsoft Windows 10 versions 21H2 and 22H2, Windows 11 versions 23H2, 24H2, 25H2, and 26H1, and Windows Server 2022 and 2025 (including the Server Core installation). The vulnerability applies to the specified OS releases across x86, x64, arm64, and arm64 architecture variants as referenced by the CPE entries. No other vendors or versions are listed as affected.

The flaw carries a CVSS score of 9.6, indicating a high severity with potential for complete privilege escalation. The EPSS score is not available, so the current risk of exploitation remains uncertain, and the vulnerability is not yet listed in CISA’s KEV catalog. Based on the description, the likely attack vector is via a network that shares the same broadcast domain or subnet, with the attacker positioned on the adjacent network segment. The exploit would require the ability to craft and transmit malicious packets to the vulnerable host, and success would grant the attacker administrative rights on the system. Moderately complex but no visible user interaction is needed.