CVE-2026-3006

Source
https://cve.org/CVERecord?id=CVE-2026-3006
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3006.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3006
Published
2026-04-27T03:15:59.277Z
Modified
2026-07-15T06:09:51.622431Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.

References

Affected packages

Git / github.com/winfsp/winfsp

Affected ranges

Type
GIT
Repo
https://github.com/winfsp/winfsp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

Other
GPLv3
before-rebrand-support
v0.*
v0.10
v0.11
v0.12
v0.13
v0.14
v0.16
v0.17
v0.9
v1.*
v1.0
v1.0RC1
v1.0RC2
v1.0RC3
v1.1
v1.1.17192
v1.10
v1.10B1
v1.10B2
v1.10B3
v1.10B4
v1.10B5
v1.11
v1.11B1
v1.11B2
v1.11B3
v1.11RC1
v1.1B1
v1.1B2
v1.1B3
v1.2
v1.2B1
v1.2B2
v1.2B3
v1.3B1
v1.3B2
v1.3B3
v1.4B1
v1.4B2
v1.4B3
v1.5
v1.5B1
v1.5B2
v1.5B3
v1.5B4
v1.5B5
v1.6
v1.7
v1.7B1
v1.7B2
v1.8B1
v1.8B2
v1.8B3
v1.9
v1.9B1
v1.9B2
v2.*
v2.0
v2.0B1
v2.0B2
v2.0RC1
v2.1
v2.1B1
v2.1B2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3006.json"