Time-of-check Time-of-use (TOCTOU) Race Condition in Windows and Windows Server - CVE-2026-56648
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote user to elevate privileges.
The vulnerability exists due to a time-of-check time-of-use race condition in Windows Network File System when handling network file system operations. A remote user can trigger the race condition to elevate privileges.
Successful exploitation requires winning a race condition and may result in SYSTEM privileges.