SB2026071531 - Privilege escalation in Microsoft Storage Spaces Direct
Published: July 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Integer overflow (CVE-ID: CVE-2026-49168)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to escalate privileges on the target system.
The vulnerability exists due to integer overflow in Storage Spaces Direct. An attacker with physical access can pass specially crafted data to the application, trigger integer overflow and gain elevated privileges on the system.
Remediation
Install update from vendor's website.