CVE-2026-40413: Windows TCP/IP Null Pointer Dereference Denial of Service

hello@craftedsignal.io — Tue, 12 May 2026 18:48:39 +0000

CVE-2026-40413 is a security vulnerability affecting Windows TCP/IP. The vulnerability, a null pointer dereference, allows an unauthorized attacker within an adjacent network to trigger a denial-of-service (DoS) condition. This vulnerability was published on May 12, 2026, and has a CVSS v3.1 score of 7.4. Exploitation of this vulnerability could disrupt network services and impact the availability of affected Windows systems. Defenders should apply the patch released by Microsoft to mitigate the risk.

Attack Chain

The attacker gains access to a network adjacent to the target Windows system.
The attacker sends a specially crafted TCP/IP packet to the target system.
The Windows TCP/IP stack attempts to process the malicious packet.
During packet processing, a null pointer is dereferenced due to the crafted packet’s structure.
The null pointer dereference causes the TCP/IP service to crash.
The crashed TCP/IP service leads to a denial-of-service condition, preventing legitimate network communication.
The target system becomes unresponsive to network requests.

Impact

Successful exploitation of CVE-2026-40413 leads to a denial-of-service condition on the targeted Windows system. This can disrupt network services, impacting availability and potentially causing data loss or corruption if critical processes are interrupted. The vulnerability can be exploited by an attacker on an adjacent network, increasing the risk in environments with shared network infrastructure.

Recommendation

Apply the security update provided by Microsoft to patch CVE-2026-40413 as referenced in the advisory URL.
Monitor network traffic for anomalous TCP/IP packets originating from adjacent networks using the Sigma rule “Detect CVE-2026-40413 Exploitation Attempt — Suspicious TCP Packet”.
Enable network intrusion detection systems to identify and block potentially malicious TCP/IP packets.

CVE-2026-40401 - Windows TCP/IP Null Pointer Dereference Denial of Service

hello@craftedsignal.io — Tue, 12 May 2026 18:46:52 +0000

CVE-2026-40401 is a vulnerability affecting Windows TCP/IP, stemming from a null pointer dereference. This flaw allows an unauthorized, local attacker to trigger a denial-of-service (DoS) condition on the targeted system. The vulnerability was published by Microsoft and assigned a CVSS v3.1 base score of 7.1. An attacker leveraging this vulnerability could potentially disrupt network services and impact the availability of the system. The vulnerability requires local access and does not need user interaction to trigger the denial of service.

Attack Chain

The attacker gains local access to the targeted Windows system.
The attacker crafts a specific TCP/IP packet or network request.
The crafted packet triggers a null pointer dereference within the Windows TCP/IP stack.
The null pointer dereference causes the TCP/IP service to crash.
The crash disrupts network connectivity and related services.
The system experiences a denial-of-service condition, impacting availability.

Impact

Successful exploitation of CVE-2026-40401 can lead to a denial-of-service condition on the targeted Windows system. This disruption impacts network services, potentially affecting other applications and users relying on network connectivity. The impact is limited to local denial of service.

Recommendation

Apply the security update provided by Microsoft to patch CVE-2026-40401 as soon as possible (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40401).
Monitor systems for unexpected TCP/IP service crashes using the provided Sigma rules.

Null Pointer Dereference — CraftedSignal Threat Feed

CVE-2026-40413: Windows TCP/IP Null Pointer Dereference Denial of Service

Attack Chain

Impact

Recommendation

CVE-2026-40401 - Windows TCP/IP Null Pointer Dereference Denial of Service

Attack Chain

Impact

Recommendation