CVE-2026-54991
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized
CVSS
7.8
High
EPSS
0.2%
p9
KEV
—
Exploit Today
3
0-100
Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-125 · CWE-362
0.2%EPSS · 30 days0.2%
2026-07-152026-07-17
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-250908.1 HIG95.4%
——29Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.9dCVE-2026-48915.3 MED92.7%
——28A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.3dCVE-2022-274067.5 HIG87.5%
——26FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.9dCVE-2022-274057.5 HIG85.0%
——25FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.9dCVE-2025-53188.1 HIG82.5%
——25A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.18dCVE-2026-506677.8 HIG80.1%
——24Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.2d