Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
7.5
CVE-2026-40378EXPLOITEDPATCHED
Microsoft · Windows 10 Version 1607

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Description

Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Affected Products

VendorProductVersions
MicrosoftWindows 10 Version 160710.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftwindows 10 version 21h2mitre_affected90%
microsoftwindows server 2012 r2 (server core installation)mitre_affected90%
microsoftwindows 10 version 22h2mitre_affected90%
microsoftwindows 11 version 24h2mitre_affected90%
microsoftwindows server 2019 (server core installation)mitre_affected90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40378(vendor-advisory, patch)

Related News (2 articles)

Tier C
VulDB3h ago
CVE-2026-40378 | Microsoft Windows up to Server 2025 LSASS allocation of resources
→ No new info (linked only)
Tier A
Microsoft MSRC8h ago
CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
→ No new info (linked only)
CVSS 3.17.5 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
10.0.14393.933910.0.17763.902010.0.19044.754810.0.19045.754810.0.22631.737610.0.26100.887510.0.26200.887510.0.28000.22696.2.9200.262266.3.9600.2329110.0.20348.538610.0.26100.33158
CWECWE-789
PublishedJul 14, 2026
Last enriched5h agov2
Trending Score67
Source articles2
Independent2
Info Completeness9/14
Missing: title, epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 139
MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 136
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 72
CRITICALCVE-2026-55040EXP
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Trending: 70
HIGHCVE-2026-50424EXP
Windows Domain Controller Denial of Service Vulnerability
Trending: 69

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, exploitAvailable, activelyExploited
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v2
Last enriched 5h ago
v2Tier A5h ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited
via Microsoft MSRC
v15h ago

Initial creation