Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Installer allows an authorized attacker to elevate privileges locally. | |
| Title | Windows App Package Installer Elevation of Privilege Vulnerability | |
| First Time appeared |
Microsoft
Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1 Microsoft windows Server 2025 |
|
| Weaknesses | CWE-362 CWE-416 |
|
| CPEs | cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Microsoft
Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1 Microsoft windows Server 2025 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: microsoft
Published:
Updated: 2026-07-15T18:31:07.649Z
Reserved: 2026-05-21T20:00:35.245Z
Link: CVE-2026-48572
Updated: 2026-07-15T13:46:12.893Z
No data.
No data.
OpenCVE Enrichment
No data.