By weakness (CWE)
CWE-197: related vulnerabilities
CVEs classified under CWE-197. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-40404HIGH 7.8
A flaw in Windows' Universal Disk Format (UDF) file system driver allows a logged-in user to gain elevated privileges on their machine. An attacker with basic user access can exploit a memory corruption issue in the UDFS driver to execute code with system-level permissions, potentially taking full control of the affected computer. This is a local-only vulnerability—attackers cannot exploit it remotely—but it represents a significant post-compromise escalation path and a serious risk in multi-tenant or shared-access environments.
- CVE-2026-40409HIGH 7.8
A flaw in Windows' Universal Disk Format (UDF) file system driver allows a user with standard local access to gain elevated privileges on their machine. An attacker with a user account can craft specially formatted UDF media or manipulate UDF structures to trigger the vulnerability and execute code with system-level permissions. This is a local elevation-of-privilege issue—it requires prior access to the system but bypasses privilege boundaries to reach administrative capabilities.