CVE-2026-42904
Windows TCP/IP Elevation of Privilege Vulnerability
Description
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
In plain language
AI Act nowCVE-2026-42904 is a Windows TCP/IP security flaw that can let an attacker with network access gain higher privileges; small businesses should patch quickly because the affected versions include common Windows 10/11 and Windows Server systems.
CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow that can be triggered via network traffic (no user interaction required) to achieve elevation of privilege; Microsoft has fixes available for multiple Windows 10/11 and Windows Server builds.
What to do now
- Check whether your systems run one of the affected Windows versions (Windows 10/11 and Windows Server 2012–2025, including the 26H1 extra case).
- For each affected system, confirm it is already at (or above) one of the listed fixed build numbers.
- Install the Microsoft security update for CVE-2026-42904 and reboot if your update process requires it.
- Verify update success (installed update present) and re-check the build number after reboot.
CVSS Vector Breakdown
AV:AAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:CScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Rapid7en·Rapid7 Blog·
- Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flawsen-us·BleepingComputer· Summary only·
- Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flawsen-us·BleepingComputer· Summary only·
- Microsoft June 2026 Patch Tuesday - SANS Internet Storm Centeren·SANS Internet Storm Center·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-42904 and every CVE in our database. Create a free account — no credit card required.
Create Free Account