CVE Catalog
CVE-2026-42907
MediumCVSS 6.5Exploitation Probability (EPSS)
Elevated risk0.82%
53th percentile - higher than 53% of all known CVEs
Summary
A vulnerability in Windows Shell allows an unauthorized actor to disclose sensitive information over the network. The attacker must be authenticated to exploit this flaw.
Risk Assessment
The organization is at risk of confidential data leakage, which could be intercepted by an authenticated attacker on the internal or external network.
Recommendation
Apply the security update provided by Microsoft in the monthly cumulative patch rollup immediately.
Original NVD description (English source)
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

