Race condition in Windows and Windows Server - CVE-2026-58543

 

Race condition in Windows and Windows Server - CVE-2026-58543

Published: July 17, 2026


Vulnerability identifier: #VU138156
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-58543
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows an attacker with physical access to escalate privileges.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization in Windows USB Print Driver when handling concurrent operations. An attacker with physical access can trigger a race condition to escalate privileges.

Successful exploitation could result in SYSTEM privileges.


How to mitigate CVE-2026-58543

Install security update from vendor's website.

Sources