8.8 CVE-2026-25177
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
https://nvd.nist.gov/vuln/detail/CVE-2026-25177
Categories
CWE-641 : Improper Restriction of Names for Files and Other Resources
This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client's browser if the application ever displays the name of the resource on a dynamically generated web page. Alternately, if the resources are consumed by some application parser, a specially crafted name can exploit some vulnerability internal to the parser, potentially resulting in execution of arbitrary code on the server machine. The problems will vary based on the context of usage of such malformed resource names and whether vulnerabilities are present in or assumptions are made by the targeted technology that would make code execution possible.
References
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 Version 1607 | 10.0.14393.0 < 10.0.14393.8957 [affected] |
| Microsoft | Windows 10 Version 1809 | 10.0.17763.0 < 10.0.17763.8511 [affected] |
| Microsoft | Windows 10 Version 21H2 | 10.0.19044.0 < 10.0.19044.7058 [affected] |
| Microsoft | Windows 10 Version 22H2 | 10.0.19045.0 < 10.0.19045.7058 [affected] |
| Microsoft | Windows 11 version 22H3 | 10.0.22631.0 < 10.0.22631.6783 [affected] |
| Microsoft | Windows 11 Version 23H2 | 10.0.22631.0 < 10.0.22631.6783 [affected] |
| Microsoft | Windows 11 Version 24H2 | 10.0.26100.0 < 10.0.26100.8037 [affected] |
| Microsoft | Windows 11 Version 25H2 | 10.0.26200.0 < 10.0.26200.8037 [affected] |
| Microsoft | Windows 11 version 26H1 | 10.0.28000.0 < 10.0.28000.1719 [affected] |
| Microsoft | Windows Server 2012 | 6.2.9200.0 < 6.2.9200.25973 [affected] |
| Microsoft | Windows Server 2012 (Server Core installation) | 6.2.9200.0 < 6.2.9200.25973 [affected] |
| Microsoft | Windows Server 2012 R2 | 6.3.9600.0 < 6.3.9600.23074 [affected] |
| Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.9600.0 < 6.3.9600.23074 [affected] |
| Microsoft | Windows Server 2016 | 10.0.14393.0 < 10.0.14393.8957 [affected] |
| Microsoft | Windows Server 2016 (Server Core installation) | 10.0.14393.0 < 10.0.14393.8957 [affected] |
| Microsoft | Windows Server 2019 | 10.0.17763.0 < 10.0.17763.8511 [affected] |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.17763.0 < 10.0.17763.8511 [affected] |
| Microsoft | Windows Server 2022 | 10.0.20348.0 < 10.0.20348.4893 [affected] |
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) | 10.0.25398.0 < 10.0.25398.2207 [affected] |
| Microsoft | Windows Server 2025 | 10.0.26100.0 < 10.0.26100.32522 [affected] |
| Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0 < 10.0.26100.32522 [affected] |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | | |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* | | < 10.0.14393.8957 |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* | | < 10.0.14393.8957 |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* | | < 10.0.17763.8511 |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* | | < 10.0.17763.8511 |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* | | < 10.0.19044.7058 |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* | | < 10.0.19044.7058 |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* | | < 10.0.19044.7058 |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* | | < 10.0.19045.7058 |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* | | < 10.0.19045.7058 |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* | | < 10.0.19045.7058 |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* | | < 10.0.22631.6783 |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* | | < 10.0.22631.6783 |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* | | < 10.0.26100.7979 |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* | | < 10.0.26100.7979 |
| cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* | | < 10.0.26200.7979 |
| cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* | | < 10.0.26200.7979 |
| cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* | | < 10.0.28000.1719 |
| cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* | | < 10.0.28000.1719 |
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* | | < 10.0.14393.8957 |
| cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* | | < 10.0.17763.8511 |
| cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* | | < 10.0.20348.4830 |
| cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* | | < 10.0.25398.2207 |
| cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:* | | < 10.0.26100.32463 |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date |
|---|---|---|
| No known exploits | | |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |