CVE-2026-54111

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
14/07/2026
Last modified:
15/07/2026

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* 10.0.26100.8875 (excluding)
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* 10.0.26100.8875 (excluding)
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* 10.0.26200.8875 (excluding)
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* 10.0.26200.8875 (excluding)
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* 10.0.28000.2269 (excluding)
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* 10.0.28000.2525 (excluding)
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* 10.0.26100.33158 (excluding)


References to Advisories, Solutions, and Tools