SB2026071575 - Multiple vulnerabilities in Microsoft Windows SMB
Published: July 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Use of uninitialized resource (CVE-ID: CVE-2026-54997)
CWE-ID: CWE-908 - Use of Uninitialized Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows SMB. A local user can pass specially crafted data to the application, trigger uninitialized usage of resources and gain access to sensitive information on the system.
2) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2026-50360)
CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to incorrect implementation of authentication algorithm in Windows SMB Server. A remote user can gain elevated privileges on the target system.
3) Use of uninitialized resource (CVE-ID: CVE-2026-50690)
CWE-ID: CWE-908 - Use of Uninitialized Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows SMB. A local user can pass specially crafted data to the application, trigger uninitialized usage of resources and gain access to sensitive information on the system.
4) Use of uninitialized resource (CVE-ID: CVE-2026-49801)
CWE-ID: CWE-908 - Use of Uninitialized Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows SMB. A local user can pass specially crafted data to the application, trigger uninitialized usage of resources and gain access to sensitive information on the system.
Remediation
Install update from vendor's website.