Microsoft Windows 11 23h2
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows 11 23h2.
By the Year
In 2026 there have been 103 vulnerabilities in Microsoft Windows 11 23h2 with an average score of 7.1 out of ten. Last year, in 2025 Windows 11 23h2 had 663 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows 11 23h2 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.15
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 103 | 7.06 |
| 2025 | 663 | 7.21 |
| 2024 | 536 | 7.34 |
| 2023 | 49 | 7.72 |
It may take a day or so for new Windows 11 23h2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows 11 23h2 Security Vulnerabilities
Feb 2026: GDI+ Denial of Service Vulnerability
CVE-2026-20846
7.5 - High
- February 10, 2026
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
Buffer Over-read
Feb 2026: Windows Kernel Information Disclosure Vulnerability
CVE-2026-21222
5.5 - Medium
- February 10, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Insertion of Sensitive Information into Log File
Feb 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-21231
7.8 - High
- February 10, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
Race Condition
Feb 2026: Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2026-21232
7.8 - High
- February 10, 2026
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Feb 2026: Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2026-21237
7 - High
- February 10, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
Race Condition
Feb 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-21238
7.8 - High
- February 10, 2026
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Authorization
Feb 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-21239
7.8 - High
- February 10, 2026
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Feb 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-21241
7 - High
- February 10, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Feb 2026: Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2026-21240
7.8 - High
- February 10, 2026
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
TOCTTOU
Feb 2026: Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-21244
7.3 - High
- February 10, 2026
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
Heap-based Buffer Overflow
Feb 2026: Windows NTLM Spoofing Vulnerability
CVE-2026-21249
3.3 - Low
- February 10, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
External Control of File Name or Path
Feb 2026: Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2026-21255
8.8 - High
- February 10, 2026
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
Authorization
Feb 2026: Mailslot File System Elevation of Privilege Vulnerability
CVE-2026-21253
7 - High
- February 10, 2026
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
Dangling pointer
Feb 2026: Windows Storage Elevation of Privilege Vulnerability
CVE-2026-21508
7 - High
- February 10, 2026
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
authentification
Feb 2026: Windows Remote Access Connection Manager Denial of Service Vulnerability
CVE-2026-21525
6.2 - Medium
- February 10, 2026
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
NULL Pointer Dereference
Feb 2026: Windows Shell Security Feature Bypass Vulnerability
CVE-2026-21510
8.8 - High
- February 10, 2026
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Protection Mechanism Failure
Feb 2026: MSHTML Framework Security Feature Bypass Vulnerability
CVE-2026-21513
8.8 - High
- February 10, 2026
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Protection Mechanism Failure
Feb 2026: Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2026-21533
7.8 - High
- February 10, 2026
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Feb 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-21236
7.8 - High
- February 10, 2026
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Feb 2026: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2026-21234
7 - High
- February 10, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Race Condition
Feb 2026: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2026-21235
7.3 - High
- February 10, 2026
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Dangling pointer
Feb 2026: Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2026-21242
7 - High
- February 10, 2026
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
Dangling pointer
Feb 2026: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2026-21246
7.8 - High
- February 10, 2026
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Feb 2026: Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-21247
7.3 - High
- February 10, 2026
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Improper Input Validation
Feb 2026: Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-21248
7.3 - High
- February 10, 2026
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
Heap-based Buffer Overflow
Feb 2026: Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-21519
7.8 - High
- February 10, 2026
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Object Type Confusion
Jan 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20939
5.5 - Medium
- January 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Information Disclosure
Jan 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20937
5.5 - Medium
- January 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Information Disclosure
Jan 2026: Windows NDIS Information Disclosure Vulnerability
CVE-2026-20936
4.3 - Medium
- January 13, 2026
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
Out-of-bounds Read
Jan 2026: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
CVE-2026-20935
6.2 - Medium
- January 13, 2026
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
Untrusted Pointer Dereference
Jan 2026: Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-20931
8 - High
- January 13, 2026
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
External Control of File Name or Path
Jan 2026: Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2026-20929
7.5 - High
- January 13, 2026
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
Authorization
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20874
7.8 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Race Condition
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20873
7.8 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Race Condition
Jan 2026: NTLM Hash Disclosure Spoofing Vulnerability
CVE-2026-20872
6.5 - Medium
- January 13, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External Control of File Name or Path
Jan 2026: Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-20871
7.8 - High
- January 13, 2026
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jan 2026: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2026-20868
8.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20867
7.8 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Race Condition
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20866
7.8 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Race Condition
Jan 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-20863
7 - High
- January 13, 2026
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Double-free
Jan 2026: Windows Management Services Information Disclosure Vulnerability
CVE-2026-20862
5.5 - Medium
- January 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
Information Disclosure
Jan 2026: Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20861
7.8 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Race Condition
Jan 2026: Windows WalletService Elevation of Privilege Vulnerability
CVE-2026-20853
7.4 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
Race Condition
Jan 2026: Windows Kerberos Elevation of Privilege Vulnerability
CVE-2026-20849
7.5 - High
- January 13, 2026
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Reliance on Untrusted Inputs in a Security Decision
Jan 2026: Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20848
7.5 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
Race Condition
Jan 2026: Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-20843
7.8 - High
- January 13, 2026
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
Authorization
Jan 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-20940
7.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Jan 2026: Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20934
7.5 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
Race Condition
Jan 2026: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2026-20938
7.8 - High
- January 13, 2026
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Jan 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20932
5.5 - Medium
- January 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows 11 23h2 or by Microsoft? Click the Watch button to subscribe.
