VDB
GCVE-110-NCSC-2026-80
GCVE-110-NCSC-2026-80
Advisory PublishedCVSS 5.9/10
An improper access control vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.
Weaknesses (CWE)
CWE-345Insufficient Verification of Data AuthenticityCWE-416Use After FreeCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-125Out-of-bounds ReadCWE-41Improper Resolution of Path EquivalenceCWE-122Heap-based Buffer OverflowCWE-73External Control of File Name or PathCWE-284Improper Access ControlCWE-732Incorrect Permission Assignment for Critical ResourceCWE-476NULL Pointer DereferenceCWE-287Improper AuthenticationCWE-502Deserialization of Untrusted DataCWE-369Divide By ZeroCWE-641Improper Restriction of Names for Files and Other ResourcesCWE-1287Improper Validation of Specified Type of InputCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-426Untrusted Search Path
Risk Scores
CVSS 3.1
5.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Microsoft | vers:unknown/* | — | — |
Aliases
CVE-2026-23656CVE-2026-23667CVE-2026-23668CVE-2026-23669CVE-2026-23671CVE-2026-23672CVE-2026-23673CVE-2026-23674CVE-2026-24282CVE-2026-24283CVE-2026-24285CVE-2026-24287CVE-2026-24288CVE-2026-24289CVE-2026-24290CVE-2026-24291CVE-2026-24292CVE-2026-24293CVE-2026-24294CVE-2026-24295CVE-2026-24296CVE-2026-24297CVE-2026-25165CVE-2026-25166CVE-2026-25167CVE-2026-25168CVE-2026-25169CVE-2026-25170CVE-2026-25171CVE-2026-25172CVE-2026-25173CVE-2026-25174CVE-2026-25175CVE-2026-25176CVE-2026-25177CVE-2026-25178CVE-2026-25179CVE-2026-25180CVE-2026-25181CVE-2026-25185CVE-2026-25186CVE-2026-25187CVE-2026-25188CVE-2026-25189CVE-2026-25190CVE-2026-26111CVE-2026-26128CVE-2026-26132
References
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.