MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-50322 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | 7.0 | 0.19% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50321 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-17 |
| CVE-2026-50317 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally. | 7.8 | 0.24% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50305 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-16 |
| CVE-2026-45077 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by default and processes each received frame with unserialize(base64_decode($message)) without authentication, integrity checks, or an allowed_classes allowlist, allowing any reachable host to submit attacker-chosen serialized PHP payloads that can crash the li | 8.3 | 0.45% | 2026-07-14 | 2026-07-15 |
| CVE-2026-58636 | Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally. | 7.8 | 0.27% | 2026-07-14 | 2026-07-16 |
| CVE-2026-58608 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network. | 8.8 | 0.53% | 2026-07-14 | 2026-07-15 |
| CVE-2026-58526 | Use after free in Windows Storage allows an authorized attacker to elevate privileges locally. | 7.0 | 0.15% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54999 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network. | 8.8 | 0.30% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54996 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54991 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54112 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. | 7.8 | 0.16% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54111 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54107 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. | 8.8 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50384 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50364 | Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally. | 7.3 | 0.35% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50356 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49808 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49806 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49803 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |