What the vulnerability does
01Description
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-24290
HIGH
CVE-2026-24290: Windows Projected File System Elevation of Privilege Vulnerability
CVSS base score
7.8/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
March 10, 2026
CVE published
April 14, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-30969 Palantir Tiles missing authentication on API endpoints
CVE-2022-23132 Incorrect permissions of [/var/run/zabbix] forces dac_override
CVE-2024-39701 Directus Incorrectly handles _in` filter
CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
CVE-2021-28579 Adobe Connect improper access control could lead to privilege escalation
