WinFsp Race Condition Vulnerability Leading to Kernel Heap Overflow and Privilege Escalation

Vulnerability

A race condition vulnerability has been identified in WinFsp, an open-source Windows File System Proxy, in versions through 2.1.25156. This vulnerability could be exploited to cause a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access.

Impact

Exploitation of this vulnerability could allow an attacker to cause a kernel heap overflow, leading to local privilege escalation and system-level access.

Remediation

Users and administrators are advised to update to WinFsp version 2.2B1 or later.

Added: Apr 27, 2026, 3:20 AM
Updated: Apr 27, 2026, 3:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 2.9
remediation: 0.0
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.