CVE Catalog
CVE-2026-42971
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.46%
37th percentile - higher than 37% of all known CVEs
Summary
A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.
Risk Assessment
The organization is at risk of sensitive data leakage from the push notification service, potentially leading to information confidentiality breaches.
Recommendation
Apply the security update provided by Microsoft in the latest cumulative patch as soon as possible.
Original NVD description (English source)
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

