{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-26172/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-26172"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-26172","privilege-escalation","race-condition","windows"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-26172 is a vulnerability affecting Windows Push Notifications. This race condition allows an authorized attacker with local access to elevate their privileges on the system. The vulnerability stems from improper synchronization when accessing shared resources, leading to unpredictable behavior and potential privilege escalation if exploited successfully. While the specific patch details and exploitation specifics are not provided in the source document, the high CVSS score indicates a significant risk if the vulnerable component is exposed or targeted. Defenders should prioritize patching this vulnerability when updates are released by Microsoft.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial local access to a Windows system.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious application that interacts with the Windows Push Notification service.\u003c/li\u003e\n\u003cli\u003eThe malicious application triggers concurrent execution using a shared resource within the Push Notification service.\u003c/li\u003e\n\u003cli\u003eDue to the race condition (CWE-362), the application manipulates the shared resource during a critical operation.\u003c/li\u003e\n\u003cli\u003eThis manipulation allows the attacker to bypass authorization checks or modify system settings related to user privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges to SYSTEM or another high-privilege account.\u003c/li\u003e\n\u003cli\u003eAttacker leverages elevated privileges to install malware, access sensitive data, or perform other unauthorized actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-26172 enables local privilege escalation on affected Windows systems. This could allow an attacker to gain complete control of the system, potentially leading to data theft, system compromise, or further propagation of malware within the network. The impact is significant given the widespread use of Windows and the potential for automated exploitation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch released by Microsoft to address CVE-2026-26172 on all affected Windows systems as soon as possible (reference: \u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172)\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26172)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious processes interacting with Windows Push Notification components to detect potential exploitation attempts. Use process creation logging to activate the \u0026ldquo;Detect Suspicious Push Notification Process\u0026rdquo; rule.\u003c/li\u003e\n\u003cli\u003eInvestigate any unusual activity related to privilege escalation attempts, especially those involving Windows Push Notifications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-cve-2026-26172-win-push-privesc/","summary":"CVE-2026-26172 is a race condition vulnerability in Windows Push Notifications, allowing a locally authenticated attacker to elevate privileges.","title":"Windows Push Notifications Race Condition Privilege Escalation (CVE-2026-26172)","url":"https://feed.craftedsignal.io/briefs/2026-04-cve-2026-26172-win-push-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-26172","version":"https://jsonfeed.org/version/1.1"}