VDB

GCVE-110-NCSC-2026-7

GCVE-110-NCSC-2026-7
Advisory PublishedCVSS 6.2/10
Vulnetix · Advisory published January 13, 2026
A vulnerability in Windows Remote Procedure Call allows an unauthorized local attacker to expose sensitive information, potentially compromising system confidentiality.

Weaknesses (CWE)

CWE-532Insertion of Sensitive Information into Log FileCWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-416Use After FreeCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-908Use of Uninitialized ResourceCWE-1329Reliance on Component That is Not UpdateableCWE-266Incorrect Privilege AssignmentCWE-122Heap-based Buffer OverflowCWE-822Untrusted Pointer DereferenceCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-280Improper Handling of Insufficient Permissions or PrivilegesCWE-125Out-of-bounds ReadCWE-415Double FreeCWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-209Generation of Error Message Containing Sensitive InformationCWE-121Stack-based Buffer OverflowCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-476NULL Pointer DereferenceCWE-73External Control of File Name or PathCWE-807Reliance on Untrusted Inputs in a Security DecisionCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-59Improper Link Resolution Before File Access ('Link Following')CWE-590Free of Memory not on the HeapCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-20Improper Input ValidationCWE-693Protection Mechanism FailureCWE-284Improper Access Control

Risk Scores

CVSS 3.1
6.2/10
Medium · CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›