Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3994 articles · 175990 vulns · 37/41 feeds (7d)
← Back to list
7.5
CVE-2026-40378EXPLOITEDPATCHED
Microsoft · Windows 10 Version 1607

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Description

Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Affected Products

VendorProductVersions
MicrosoftWindows 10 Version 160710.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftwindows 10 version 21h2mitre_affected90%
microsoftwindows server 2012 r2 (server core installation)mitre_affected90%
microsoftwindows 10 version 22h2mitre_affected90%
microsoftwindows 11 version 24h2mitre_affected90%
microsoftwindows server 2019 (server core installation)mitre_affected90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40378(vendor-advisory, patch)

Related News (2 articles)

Tier C
VulDB4h ago
CVE-2026-40378 | Microsoft Windows up to Server 2025 LSASS allocation of resources
→ No new info (linked only)
Tier A
Microsoft MSRC9h ago
CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
→ No new info (linked only)
CVSS 3.17.5 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
10.0.14393.933910.0.17763.902010.0.19044.754810.0.19045.754810.0.22631.737610.0.26100.887510.0.26200.887510.0.28000.22696.2.9200.262266.3.9600.2329110.0.20348.538610.0.26100.33158
CWECWE-789
PublishedJul 14, 2026
Last enriched6h agov2
Trending Score67
Source articles2
Independent2
Info Completeness9/14
Missing: title, epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 138
MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 135
HIGHCVE-2026-50656EXP
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 100
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 72
CRITICALCVE-2026-55040EXP
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Trending: 72

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, exploitAvailable, activelyExploited
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v2
Last enriched 6h ago
v2Tier A6h ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited
via Microsoft MSRC
v16h ago

Initial creation