{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3006", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2026-02-23T05:15:38.972Z", "datePublished": "2026-04-27T02:35:17.773Z", "dateUpdated": "2026-04-27T13:30:05.621Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-04-27T02:35:17.773Z"}, "title": "Race Condition Vulnerability", "datePublic": "2026-04-27T02:31:00.000Z", "affected": [{"vendor": "WinFSP", "product": "WinFSP", "versions": [{"status": "affected", "version": "2.1.25156 and lower"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the race condition vulnerability could allow\nan attacker to trigger a kernel heap overflow, potentially leading to local privilege\nescalation and granting system-level access to the affected software.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Successful exploitation of the race condition vulnerability could allow\nan attacker to trigger a kernel heap overflow, potentially leading to local privilege\nescalation and granting system-level access to the affected software.</p>"}]}], "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-043"}, {"url": "https://github.com/winfsp/winfsp/releases/tag/v2.2B1"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Users and administrators of affected product versions are\nadvised to update to the latest version immediately.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Users and administrators of affected product versions are\nadvised to update to the latest version immediately.</p>"}]}], "credits": [{"lang": "en", "value": "Tay Kiat Loong", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:19:20.360368Z", "id": "CVE-2026-3006", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:30:05.621Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3006", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T13:19:20.360368Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:19:33.209Z"}}], "cna": {"title": "Race Condition Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Tay Kiat Loong"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WinFSP", "product": "WinFSP", "versions": [{"status": "affected", "version": "2.1.25156 and lower"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Users and administrators of affected product versions are\nadvised to update to the latest version immediately.", "supportingMedia": [{"type": "text/html", "value": "<p>Users and administrators of affected product versions are\nadvised to update to the latest version immediately.</p>", "base64": false}]}], "datePublic": "2026-04-27T02:31:00.000Z", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-043"}, {"url": "https://github.com/winfsp/winfsp/releases/tag/v2.2B1"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Successful exploitation of the race condition vulnerability could allow\nan attacker to trigger a kernel heap overflow, potentially leading to local privilege\nescalation and granting system-level access to the affected software.", "supportingMedia": [{"type": "text/html", "value": "<p>Successful exploitation of the race condition vulnerability could allow\nan attacker to trigger a kernel heap overflow, potentially leading to local privilege\nescalation and granting system-level access to the affected software.</p>", "base64": false}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-04-27T02:35:17.773Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3006", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:30:05.621Z", "dateReserved": "2026-02-23T05:15:38.972Z", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "datePublished": "2026-04-27T02:35:17.773Z", "assignerShortName": "CSA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Successful exploitation of the race condition vulnerability could allow\nan attacker to trigger a kernel heap overflow, potentially leading to local privilege\nescalation and granting system-level access to the affected software."}], "id": "CVE-2026-3006", "lastModified": "2026-04-27T18:57:20.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "type": "Secondary"}]}, "published": "2026-04-27T03:15:59.277", "references": [{"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://github.com/winfsp/winfsp/releases/tag/v2.2B1"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-043"}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "winfsp: winfsp: Local privilege escalation via race condition and kernel heap overflow", "id": "2463150", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463150"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-368", "details": ["A flaw was found in winfsp. A local attacker could exploit a race condition vulnerability, which may lead to a kernel heap overflow. This could potentially result in local privilege escalation, granting the attacker system-level access to the affected software."], "name": "CVE-2026-3006", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/volsync-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}], "public_date": "2026-04-27T02:35:17Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3006\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3006\nhttps://github.com/winfsp/winfsp/releases/tag/v2.2B1\nhttps://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-043"], "statement": "Important: This flaw in winfsp allows a local attacker to achieve privilege escalation through a race condition and kernel heap overflow. This could grant system-level access to the affected software. Red Hat products such as rclone in Fedora and EPEL, and rhacm2/volsync-rhel9 in Red Hat Advanced Cluster Management for Kubernetes are potentially affected through transitive dependencies.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.25156]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "winfsp", "vendor": "winfsp"}], "analysis": {"en": {"generated_at": "2026-04-28T04:52:57.100036+00:00", "value": {"mitigation_remediation": ["Apply the latest WinFSP update (v2.2B1 or later) immediately to close the race condition flaw.", "Restrict local user permissions and isolate critical resources until the patch is installed to reduce the chance of privilege escalation.", "Monitor system logs for signs of kernel heap overflow attempts or unusual local activity and enforce strict access controls around the affected software until a definitive fix is in place."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WinFSP (WinFSP) products are affected; the specific versions prior to the latest release are vulnerable, but the exact revision list was not provided in the description.", "description_and_impact": "A race condition exists within WinFSP that, when successfully triggered, causes a kernel heap overflow. This flaw maps to CWE-362 and CWE-368 and can allow a local attacker to execute arbitrary code with elevated system-level privileges, effectively bypassing normal access controls.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7, an EPSS score of less than 1%, and is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring an attacker to gain a foothold on the machine to exploit the race condition and achieve privilege escalation. Despite the low EPSS, the high impact necessitates swift remediation."}}}}, "created": "2026-04-27T20:20:15.519523+00:00", "updated": "2026-04-28T05:00:14.744833+00:00", "vendors": ["winfsp", "winfsp$PRODUCT$winfsp"]}