A critical alert has been issued regarding vulnerabilities in WinFSP, specifically CVE-2026-3006 and CVE-2026-7162, which could allow local privilege escalation on Windows systems. CVE-2026-7162 has a CVSS score of 7.8, and CVE-2026-3006 has a score of 7.0. Both vulnerabilities are being addressed in the WinFsp 2026 Beta2 release, with no confirmed in-the-wild exploitation reported as of now. Users are advised to update to the latest version to mitigate potential risks.
WinFsp Patches Two Privilege Escalation Flaws: CVE-2026-3006 and CVE-2026-7162 (CVSS 7.8)
CyberSIXT Evidence Panel
Article by CyberSIXT