CVE-2026-47291

CRITICAL

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 6/9/2026Modified: 6/10/2026

Related Intelligence (3)

CRITICALZero Day

June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’

June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that need urgent assessment. There’s also one older flaw under exploit, and some patches affecting enterprise products for w

CVE-2026-45586CVE-2026-50507

2d agoCSO Online

CRITICALZero Day

Patch Tuesday - June 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provide

CVE-2026-33825CVE-2026-45585

3d agoRapid7

CRITICALVulnerability

NVD CRITICAL: CVE-2026-47291 — Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attack...

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

CVE-2026-47291

3d agoNIST NVD

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291Vendor Advisory