CVE-2026-40369 - Windows Kernel Vulnerability Allows Attackers to Modify Kernel Memory Counters
Posted: Thu May 28, 2026 10:57 am
A critical Windows kernel vulnerability, tracked as CVE-2026-40369, has been disclosed, enabling attackers to achieve full SYSTEM-level privilege escalation even from the most restricted environments, including browser sandboxes.
Discovered by security researcher Ori Nimron, the flaw affects Windows 11 versions 24H2 through 25H2 and resides in the ntoskrnl.exe component, specifically within the ExpGetProcessInformation function.
More information:
https://cybersecuritynews.com/windows-k ... erability/
Discovered by security researcher Ori Nimron, the flaw affects Windows 11 versions 24H2 through 25H2 and resides in the ntoskrnl.exe component, specifically within the ExpGetProcessInformation function.
More information:
https://cybersecuritynews.com/windows-k ... erability/