Microsoft Windows 10
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows 10.
Recent Microsoft Windows 10 Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2020-0569 | CVE-2020-0569 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | January 1, 2026 |
| CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
| CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
| CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | August 10, 2021 |
By the Year
In 2026 there have been 721 vulnerabilities in Microsoft Windows 10 with an average score of 7.2 out of ten. Last year, in 2025 Windows 10 had 638 security vulnerabilities published. That is, 83 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.03.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 721 | 7.25 |
| 2025 | 638 | 7.22 |
| 2024 | 528 | 7.36 |
| 2023 | 529 | 7.53 |
| 2022 | 525 | 7.42 |
| 2021 | 488 | 7.36 |
| 2020 | 834 | 7.33 |
| 2019 | 488 | 7.30 |
| 2018 | 261 | 7.23 |
It may take a day or so for new Windows 10 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows 10 Security Vulnerabilities
Jul 2026: Windows Boot Loader Security Feature Bypass Vulnerability
CVE-2026-58638
6 - Medium
- July 14, 2026
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
Missing Cryptographic Step
Jul 2026: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2026-58637
7 - High
- July 14, 2026
Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2026-58632
7.8 - High
- July 14, 2026
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-58629
7 - High
- July 14, 2026
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Windows Wireless Network Manager Elevation of Privilege Vulnerability
CVE-2026-58628
7.8 - High
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
Race Condition
Jul 2026: Windows DHCP Server Denial of Service Vulnerability
CVE-2026-58627
7.5 - High
- July 14, 2026
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Jul 2026: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2026-58626
8.8 - High
- July 14, 2026
Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.
Dangling pointer
Jul 2026: Windows Sensor Data Service Elevation of Privilege Vulnerability
CVE-2026-58619
7 - High
- July 14, 2026
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-58613
7.8 - High
- July 14, 2026
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-58594
8.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
Integer Overflow or Wraparound
Jul 2026: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-58541
7.8 - High
- July 14, 2026
Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.
Object Type Confusion
Jul 2026: Windows Kernel Security Feature Bypass Vulnerability
CVE-2026-58545
5.5 - Medium
- July 14, 2026
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
Authorization
Jul 2026: Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2026-58547
5.5 - Medium
- July 14, 2026
Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-58536
7.8 - High
- July 14, 2026
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2026-58534
8.8 - High
- July 14, 2026
Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-58532
7.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jul 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-58540
7.8 - High
- July 14, 2026
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
AuthZ
Jul 2026: Windows SMB Elevation of Privilege Vulnerability
CVE-2026-58531
7.5 - High
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.
Race Condition
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58539
6.5 - Medium
- July 14, 2026
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58546
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58535
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2026-58538
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58533
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2026-58530
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jul 2026: Windows USB Audio Class Driver Information Disclosure Vulnerability
CVE-2026-58528
6.8 - Medium
- July 14, 2026
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
Out-of-bounds Read
Jul 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-57982
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-57096
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-57093
7 - High
- July 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Extensible Storage Engine (ESENT) Elevation of Privilege Vulnerability
CVE-2026-57088
7.8 - High
- July 14, 2026
Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally.
Authorization
Jul 2026: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2026-57092
9.9 - Critical
- July 14, 2026
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.
Dangling pointer
Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-57087
8.8 - High
- July 14, 2026
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jul 2026: Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerabili
CVE-2026-57089
7.5 - High
- July 14, 2026
Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jul 2026: Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-57085
5.5 - Medium
- July 14, 2026
Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jul 2026: Windows File History Service Elevation of Privilege Vulnerability
CVE-2026-57091
7.8 - High
- July 14, 2026
Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally.
Stack Overflow
Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-57094
8.8 - High
- July 14, 2026
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-57090
8.8 - High
- July 14, 2026
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jul 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-57095
6.2 - Medium
- July 14, 2026
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.
Information Disclosure
Jul 2026: Windows Network File System Elevation of Privilege Vulnerability
CVE-2026-56650
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-57084
5.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.
Use of Uninitialized Resource
Jul 2026: Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2026-57083
5.5 - Medium
- July 14, 2026
Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.
Use of Uninitialized Resource
Jul 2026: Windows Network File System Remote Code Execution Vulnerability
CVE-2026-56649
5.9 - Medium
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.
Race Condition
Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56648
7.5 - High
- July 14, 2026
Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.
TOCTTOU
Jul 2026: Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability
CVE-2026-56647
8.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.
Integer Overflow or Wraparound
Jul 2026: Windows Terminal Remote Code Execution Vulnerability
CVE-2026-54124
7.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56194
8.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.
Heap-based Buffer Overflow
Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-56644
7.8 - High
- July 14, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-56643
7.8 - High
- July 14, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-56189
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jul 2026: Windows Server Network driver Remote Code Execution Vulnerability
CVE-2026-56188
9.8 - Critical
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.
Race Condition
Jul 2026: Windows Secure Channel Information Disclosure Vulnerability
CVE-2026-56186
8.1 - High
- July 14, 2026
Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows 10 or by Microsoft? Click the Watch button to subscribe.
