Use-after-free in Windows and Windows Server - CVE-2026-58637
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to use-after-free in Windows Client-Side Caching (CSC) Service when handling local operations. A local user can trigger a race condition to escalate privileges.
Successful exploitation requires winning a race condition and can result in SYSTEM assigned integrity level.