CVE-2026-50402
Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVSS
7.8
High
EPSS
0.2%
p16
KEV
—
Exploit Today
5
0-100
Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-126 · CWE-681
0.2%EPSS · 30 days0.2%
2026-07-152026-07-16
Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-256468.1 HIG57.4%
——17LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.2dCVE-2026-52608.2 HIG50.0%
——15A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.2dCVE-2026-504686.5 MED49.6%
——15Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.3dCVE-2026-504456.5 MED47.7%
——14Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.2dCVE-2026-505046.5 MED46.4%
——14Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.3dCVE-2026-441857.3 HIG44.6%
——13Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.1d