CVE-2026-54127 – Windows Hyper-V Elevation of Privilege Vulnerability
“A flaw inside the virtualization layer can turn local access into control over critical systems.”
A use-after-free vulnerability in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. Exploitation requires no existing privileges or user interaction, but the attack complexity is high. Successful exploitation could give an attacker greater control over the affected system and significantly impact confidentiality, integrity, and availability.
CVSS Score: 7.4
SEVERITY: Critical
THREAT:
This vulnerability affects Windows Hyper-V and could allow an attacker to elevate privileges on a vulnerable system. A successful attack may enable unauthorized access to protected resources, modification of system settings, compromise of hosted workloads, or further attacks against the virtualization environment.
EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a use-after-free condition (CWE-416) in Windows Hyper-V. The flaw occurs when the component accesses memory after it has already been released, creating memory corruption conditions that may allow privilege elevation. The CVSS v3.1 metrics identify a local attack vector, high attack complexity, no privileges required, and no user interaction. Successful exploitation could have high impact on confidentiality, integrity, and availability.
EXPLOITABILITY:
Affected products include Windows 11 versions 24H2, 25H2, and 26H1, Windows Server 2022, and Windows Server 2025, including the affected Server Core installation. Exploitation is local and requires complex conditions, but it does not require existing privileges or user interaction.
BUSINESS IMPACT:
Hyper-V environments often host business-critical servers, applications, and sensitive workloads. Successful exploitation could allow an attacker to gain elevated access, interfere with virtualized workloads, expose confidential information, disrupt hosted services, or use the affected system as a platform for further attacks.
WORKAROUND:
No mitigations or workarounds are available.
URGENCY:
This vulnerability should be prioritized because it is rated Critical and affects the Windows virtualization layer. Although exploitation requires complex conditions, no privileges or user interaction are required, and a successful attack could seriously compromise affected hosts and workloads.
Key Details
- Affected Product
- Microsoft Windows 11 24h2
- Attack Vector
- Local
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-416