CVE-2026-54127 – Windows Hyper-V Elevation of Privilege Vulnerability

CVSS 7.4 IMPORTANT Critical or Zero Day – Immediate Deployment

“A flaw inside the virtualization layer can turn local access into control over critical systems.”

A use-after-free vulnerability in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. Exploitation requires no existing privileges or user interaction, but the attack complexity is high. Successful exploitation could give an attacker greater control over the affected system and significantly impact confidentiality, integrity, and availability.

CVSS Score: 7.4

SEVERITY: Critical

THREAT:
This vulnerability affects Windows Hyper-V and could allow an attacker to elevate privileges on a vulnerable system. A successful attack may enable unauthorized access to protected resources, modification of system settings, compromise of hosted workloads, or further attacks against the virtualization environment.

EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a use-after-free condition (CWE-416) in Windows Hyper-V. The flaw occurs when the component accesses memory after it has already been released, creating memory corruption conditions that may allow privilege elevation. The CVSS v3.1 metrics identify a local attack vector, high attack complexity, no privileges required, and no user interaction. Successful exploitation could have high impact on confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected products include Windows 11 versions 24H2, 25H2, and 26H1, Windows Server 2022, and Windows Server 2025, including the affected Server Core installation. Exploitation is local and requires complex conditions, but it does not require existing privileges or user interaction.

BUSINESS IMPACT:
Hyper-V environments often host business-critical servers, applications, and sensitive workloads. Successful exploitation could allow an attacker to gain elevated access, interfere with virtualized workloads, expose confidential information, disrupt hosted services, or use the affected system as a platform for further attacks.

WORKAROUND:
No mitigations or workarounds are available.

URGENCY:
This vulnerability should be prioritized because it is rated Critical and affects the Windows virtualization layer. Although exploitation requires complex conditions, no privileges or user interaction are required, and a successful attack could seriously compromise affected hosts and workloads.

Key Details

Affected Product
Microsoft Windows 11 24h2
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
CWE Classification
CWE-416
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.