CVE-2025-26686
HIGHDescription
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Is your site exposed to CVE-2025-26686?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | windows_10_1507 |
| microsoft | windows_10_1507 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_21h2 |
| microsoft | windows_10_22h2 |
| microsoft | windows_11_22h2 |
| microsoft | windows_11_23h2 |
| microsoft | windows_11_24h2 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2016 |
| microsoft | windows_server_2019 |
| microsoft | windows_server_2022 |
| microsoft | windows_server_2022_23h2 |
| microsoft | windows_server_2025 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-26686? +
How severe is CVE-2025-26686? +
What products are affected by CVE-2025-26686? +
How do I check if I'm vulnerable to CVE-2025-26686? +
Related Vulnerabilities
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over …
Microsoft Digest Authentication Remote Code Execution Vulnerability
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over …