Out-of-bounds read in Windows and Windows Server - CVE-2026-58528
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows an attacker with physical access to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) when parsing input from a physical attack surface. An attacker with physical access can supply crafted input via a physical attack to disclose sensitive information.