VDB

GCVE-110-NCSC-2026-80

GCVE-110-NCSC-2026-80
Advisory PublishedCVSS 5.9/10
Vulnetix · Advisory published March 10, 2026
An improper access control vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.

Weaknesses (CWE)

CWE-345Insufficient Verification of Data AuthenticityCWE-416Use After FreeCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-125Out-of-bounds ReadCWE-41Improper Resolution of Path EquivalenceCWE-122Heap-based Buffer OverflowCWE-73External Control of File Name or PathCWE-284Improper Access ControlCWE-732Incorrect Permission Assignment for Critical ResourceCWE-476NULL Pointer DereferenceCWE-287Improper AuthenticationCWE-502Deserialization of Untrusted DataCWE-369Divide By ZeroCWE-641Improper Restriction of Names for Files and Other ResourcesCWE-1287Improper Validation of Specified Type of InputCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-426Untrusted Search Path

Risk Scores

CVSS 3.1
5.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›