BDU:2026-08115

BDU

CriticalConfirmedExploit available

Уязвимость драйвера HTTP.sys операционной системы Windows связана с целочисленным переполнением. Эксплуатация уязвимости может позволить на…

CVSS

9.8

Critical

EPSS

0.00

Published

2026-01-01

Updated

2026-01-01

Description

Уязвимость драйвера HTTP.sys операционной системы Windows связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Tags · CWE

Pre-auth

Affected products

Microsoft corp Windows_10 1607Microsoft corp Windows_10 1809Microsoft corp Windows_10 21h2Microsoft corp Windows_10 22h2Microsoft corp Windows_11 23h2Microsoft corp Windows_11 24h2Microsoft corp Windows_11 25h2Microsoft corp Windows_11 26h1Microsoft corp Windows_server_2012Microsoft corp Windows_server_2012Microsoft corp Windows_server_2012Microsoft corp Windows_server_2012Microsoft corp Windows_server_2016Microsoft corp Windows_server_2016Microsoft corp Windows_server_2019Microsoft corp Windows_server_2019Microsoft corp Windows_server_2022Microsoft corp Windows_server_2022Microsoft corp Windows_server_2025Microsoft corp Windows_server_2025

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2026-01-01

Published

2026-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

CVE-2026-47291

github-poc · https://github.com/ManagerEmpty/CVE-2026-47291-httpsys

Enterprise

Affected products

Microsoft

Windows Windows Server 2016 Windows Server 2019 Windows Server 2012 Windows 10 1809 Windows Server 2022 Windows 10 1607 Windows 10 21h2 Windows 10 22h2 Windows 11 23h2+4

Product	Vendor	Status
windows_10 1607	microsoft corp	Tracked
windows_10 1809	microsoft corp	Tracked
windows_10 21h2	microsoft corp	Tracked
windows_10 22h2	microsoft corp	Tracked
windows_11 23h2	microsoft corp	Tracked
windows_11 24h2	microsoft corp	Tracked
windows_11 25h2	microsoft corp	Tracked
windows_11 26h1	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2016	microsoft corp	Tracked
windows_server_2016	microsoft corp	Tracked
windows_server_2019	microsoft corp	Tracked
windows_server_2019	microsoft corp	Tracked
windows_server_2022	microsoft corp	Tracked
windows_server_2022	microsoft corp	Tracked
windows_server_2025	microsoft corp	Tracked
windows_server_2025	microsoft corp	Tracked

Showing first 20 of 30

Source databases

BDU

MSR

Related vulnerabilities

CVE-2026-47291

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-47291@https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291