Description
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a use‑after‑free vulnerability in the Windows Network Controller (NC) Host Agent that allows an attacker with authorized local privileges to cause the service to terminate and refuse to restart, resulting in a local denial of service. The weakness falls under CWE‑416 and CWE‑822, showing that unsafe memory handling can lead to a loss of service.

Affected Systems

Microsoft Windows Server 2019, Windows Server 2022, and Windows Server 2025 including their Server Core installations are affected. No specific sub‑versions are listed; all listed releases are vulnerable until a patch is deployed.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity, and with no EPSS data the likelihood of exploitation is uncertain, though the flaw requires local authorized access. It is not present in the CISA KEV catalog, implying no widespread exploitation has been documented. An attacker who can obtain local privileged credentials can exploit the vulnerability to repeatedly crash the NC Host Agent and disrupt network controller operations.

Generated by OpenCVE AI on June 9, 2026 at 18:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft cumulative update that includes a fix for the NC Host Agent use‑after‑free flaw
  • Limit local access to accounts that can run the NC Host Agent by enforcing least privilege and reviewing group policies
  • Configure monitoring to detect unexpected termination of the NC Host Agent and enable automatic restart or alerting so that the service can be recovered promptly

Generated by OpenCVE AI on June 9, 2026 at 18:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows Server 2019 (server Core Installation)
Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows Server 2019 (server Core Installation)
Microsoft windows Server 2025 (server Core Installation)

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
Title Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2025
Weaknesses CWE-416
CWE-822
CPEs cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows Server 2019 Windows Server 2019 (server Core Installation) Windows Server 2022 Windows Server 2025 Windows Server 2025 (server Core Installation)
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:51:30.985Z

Reserved: 2026-05-07T20:07:18.270Z

Link: CVE-2026-44805

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:16.480

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-44805

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:00:16Z

Weaknesses