CVE Catalog

CVE-2026-42970

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

Risk Assessment

The organization is at risk of confidential data leakage from the push notification service, potentially leading to privacy breaches and loss of user trust.

Recommendation

Apply the security update provided by Microsoft in the monthly cumulative patch bundle for Windows immediately.

Original NVD description (English source)

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS