CVE-2026-42904

CRITICAL

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

CVSS v3.1 Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 6/9/2026Modified: 6/11/2026

Related Intelligence (2)

CRITICALZero Day

Patch Tuesday - June 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provide

CVE-2026-33825CVE-2026-45585

3d agoRapid7

CRITICALVulnerability

NVD CRITICAL: CVE-2026-42904 — Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to ...

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-42904

3d agoNIST NVD

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42904Vendor Advisory