Mar 2026: Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vul
CVE-2026-25166 Published on March 10, 2026
Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-25166 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2026-25166
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows 10 Version 1607:- Version 10.0.14393.0 and below 10.0.14393.8957 is affected.
- Version 10.0.17763.0 and below 10.0.17763.8511 is affected.
- Version 10.0.19044.0 and below 10.0.19044.7058 is affected.
- Version 10.0.19045.0 and below 10.0.19045.7058 is affected.
- Version 10.0.22631.0 and below 10.0.22631.6783 is affected.
- Version 10.0.22631.0 and below 10.0.22631.6783 is affected.
- Version 10.0.26100.0 and below 10.0.26100.8037 is affected.
- Version 10.0.26200.0 and below 10.0.26200.8037 is affected.
- Version 10.0.28000.0 and below 10.0.28000.1719 is affected.
- Version 10.0.28000.0 and below 10.0.28000.1719 is affected.
- Version 10.0.14393.0 and below 10.0.14393.8957 is affected.
- Version 10.0.14393.0 and below 10.0.14393.8957 is affected.
- Version 10.0.17763.0 and below 10.0.17763.8511 is affected.
- Version 10.0.17763.0 and below 10.0.17763.8511 is affected.
- Version 10.0.20348.0 and below 10.0.20348.4893 is affected.
- Version 10.0.25398.0 and below 10.0.25398.2207 is affected.