Information disclosure in Windows and Windows Server - CVE-2026-56184

 

Information disclosure in Windows and Windows Server - CVE-2026-56184

Published: July 17, 2026


Vulnerability identifier: #VU138120
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-56184
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to exposure of sensitive information in Windows Win32K when handling local access to kernel memory addresses. A local user can access disclosed kernel memory address information to disclose sensitive information.

The disclosed information may include certain memory addresses within kernel space, which could be leveraged for other malicious activities.


How to mitigate CVE-2026-56184

Install security update from vendor's website.

Sources