Windows 10 Microsoft Windows 10

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows 10.

Recent Microsoft Windows 10 Security Advisories

Advisory Title Published
CVE-2020-0569 CVE-2020-0569 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. January 1, 2026
CVE-2021-42297 Windows 10 Update Assistant Elevation of Privilege Vulnerability November 16, 2021
CVE-2021-43211 Windows 10 Update Assistant Elevation of Privilege Vulnerability November 16, 2021
CVE-2021-36945 Windows 10 Update Assistant Elevation of Privilege Vulnerability August 10, 2021

By the Year

In 2026 there have been 721 vulnerabilities in Microsoft Windows 10 with an average score of 7.2 out of ten. Last year, in 2025 Windows 10 had 638 security vulnerabilities published. That is, 83 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.03.




Year Vulnerabilities Average Score
2026 721 7.25
2025 638 7.22
2024 528 7.36
2023 529 7.53
2022 525 7.42
2021 488 7.36
2020 834 7.33
2019 488 7.30
2018 261 7.23

It may take a day or so for new Windows 10 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows 10 Security Vulnerabilities

Jul 2026: Windows Boot Loader Security Feature Bypass Vulnerability
CVE-2026-58638 6 - Medium - July 14, 2026

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Missing Cryptographic Step

Jul 2026: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2026-58637 7 - High - July 14, 2026

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2026-58632 7.8 - High - July 14, 2026

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-58629 7 - High - July 14, 2026

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Windows Wireless Network Manager Elevation of Privilege Vulnerability
CVE-2026-58628 7.8 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.

Race Condition

Jul 2026: Windows DHCP Server Denial of Service Vulnerability
CVE-2026-58627 7.5 - High - July 14, 2026

Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Jul 2026: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2026-58626 8.8 - High - July 14, 2026

Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.

Dangling pointer

Jul 2026: Windows Sensor Data Service Elevation of Privilege Vulnerability
CVE-2026-58619 7 - High - July 14, 2026

Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-58613 7.8 - High - July 14, 2026

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-58594 8.8 - High - July 14, 2026

Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.

Integer Overflow or Wraparound

Jul 2026: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-58541 7.8 - High - July 14, 2026

Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Jul 2026: Windows Kernel Security Feature Bypass Vulnerability
CVE-2026-58545 5.5 - Medium - July 14, 2026

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authorization

Jul 2026: Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2026-58547 5.5 - Medium - July 14, 2026

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-58536 7.8 - High - July 14, 2026

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2026-58534 8.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-58532 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-58540 7.8 - High - July 14, 2026

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.

AuthZ

Jul 2026: Windows SMB Elevation of Privilege Vulnerability
CVE-2026-58531 7.5 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.

Race Condition

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58539 6.5 - Medium - July 14, 2026

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58546 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58535 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2026-58538 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58533 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2026-58530 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jul 2026: Windows USB Audio Class Driver Information Disclosure Vulnerability
CVE-2026-58528 6.8 - Medium - July 14, 2026

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Out-of-bounds Read

Jul 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-57982 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-57096 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-57093 7 - High - July 14, 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Extensible Storage Engine (ESENT) Elevation of Privilege Vulnerability
CVE-2026-57088 7.8 - High - July 14, 2026

Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally.

Authorization

Jul 2026: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2026-57092 9.9 - Critical - July 14, 2026

Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.

Dangling pointer

Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-57087 8.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2026: Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerabili
CVE-2026-57089 7.5 - High - July 14, 2026

Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.

Dangling pointer

Jul 2026: Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-57085 5.5 - Medium - July 14, 2026

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Jul 2026: Windows File History Service Elevation of Privilege Vulnerability
CVE-2026-57091 7.8 - High - July 14, 2026

Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally.

Stack Overflow

Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-57094 8.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-57090 8.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-57095 6.2 - Medium - July 14, 2026

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Information Disclosure

Jul 2026: Windows Network File System Elevation of Privilege Vulnerability
CVE-2026-56650 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-57084 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2026-57083 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows Network File System Remote Code Execution Vulnerability
CVE-2026-56649 5.9 - Medium - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

Race Condition

Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56648 7.5 - High - July 14, 2026

Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.

TOCTTOU

Jul 2026: Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability
CVE-2026-56647 8.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.

Integer Overflow or Wraparound

Jul 2026: Windows Terminal Remote Code Execution Vulnerability
CVE-2026-54124 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56194 8.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.

Heap-based Buffer Overflow

Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-56644 7.8 - High - July 14, 2026

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-56643 7.8 - High - July 14, 2026

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-56189 7.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jul 2026: Windows Server Network driver Remote Code Execution Vulnerability
CVE-2026-56188 9.8 - Critical - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.

Race Condition

Jul 2026: Windows Secure Channel Information Disclosure Vulnerability
CVE-2026-56186 8.1 - High - July 14, 2026

Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows 10 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe