{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-26184/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-26184"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-26184","privilege-escalation","windows"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-26184 is a high-severity vulnerability affecting the Windows Projected File System (ProjFS). This buffer over-read vulnerability allows an authenticated local attacker to elevate their privileges on a vulnerable system. Successful exploitation would grant the attacker higher-level access to the system, potentially enabling them to perform actions such as installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. The vulnerability was reported to Microsoft and assigned a CVSS v3.1 base score of 7.8, indicating a significant risk. Affected systems require patching to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains initial access to the system with low-level privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious file or directory structure designed to trigger the buffer over-read in ProjFS.\u003c/li\u003e\n\u003cli\u003eThe attacker interacts with the specially crafted file or directory through the Windows Projected File System. 
This interaction could involve accessing, modifying, or listing the contents of the projected file system.\u003c/li\u003e\n\u003cli\u003eThe ProjFS driver attempts to read data from a buffer using an incorrect size, resulting in a buffer over-read.\u003c/li\u003e\n\u003cli\u003eThe over-read allows the attacker to read adjacent memory locations.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the memory disclosure to overwrite critical system data or function pointers within the kernel.\u003c/li\u003e\n\u003cli\u003eThe attacker executes code with elevated privileges within the kernel context.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control over the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-26184 allows a local attacker to elevate privileges to SYSTEM, the highest level of privilege in Windows. This would grant the attacker complete control over the compromised system. There is currently no public information about real-world exploitation. Sectors at risk are broad, as Windows Projected File System is a core component in modern Windows operating systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-26184 as soon as possible. 
The patch can be found in the Microsoft Security Update Guide (\u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26184\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26184\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor for unusual file system activity, especially related to ProjFS, by deploying the Sigma rule \u003ccode\u003eDetect Suspicious ProjFS Activity\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected processes or kernel modules loading after the projected file system operations by deploying the Sigma rule \u003ccode\u003eDetect Potential Privilege Escalation via ProjFS\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-14T18:16:55Z","date_published":"2026-04-14T18:16:55Z","id":"/briefs/2026-04-projfs-privesc/","summary":"CVE-2026-26184 is a buffer over-read vulnerability in the Windows Projected File System (ProjFS) that allows a local attacker to elevate privileges.","title":"Windows Projected File System Buffer Over-Read Privilege Escalation (CVE-2026-26184)","url":"https://feed.craftedsignal.io/briefs/2026-04-projfs-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-26184","version":"https://jsonfeed.org/version/1.1"}