CVE-2026-3006

HIGH 7.0

Race Condition Vulnerability

CVSS Score

7.0

EPSS Score

0.0%

EPSS Percentile

0th

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.

Vendor	winfsp
Product	winfsp
Published	Apr 27, 2026

Stay Ahead of the Next One

Get instant alerts for winfsp winfsp

Be the first to know when new high vulnerabilities affecting winfsp winfsp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

WinFSP / WinFSP

2.1.25156 and lower

References

NVD ↗ CVE.org ↗ EPSS Data ↗

csa.gov.sg: https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-043 github.com: https://github.com/winfsp/winfsp/releases/tag/v2.2B1

Credits

Tay Kiat Loong