Command injection in Windows and Windows Server - CVE-2026-58635
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to command injection in Windows Narrator Braille when processing special elements used in a command. A local user can inject crafted command elements to escalate privileges.
Successful exploitation can execute code in the security context of the NT AUTHORITY\Network Service account.