CVE-2026-58598 PUBLISHED

Windows Backup Service Elevation of Privilege Vulnerability

Assigner: microsoft
Reserved: 01.07.2026 Published: 16.07.2026 Updated: 16.07.2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVSS Score: 7

Product Status

Vendor Microsoft
Product Windows 10 Version 21H2
Versions
  • affected from 10.0.19044.0 to 10.0.19044.7548 (excl.)
Vendor Microsoft
Product Windows 10 Version 22H2
Versions
  • Version - is affected
Vendor Microsoft
Product Windows 11 Version 24H2
Versions
  • affected from 10.0.26100.0 to 10.0.26100.8875 (excl.)
Vendor Microsoft
Product Windows 11 Version 25H2
Versions
  • affected from 10.0.26200.0 to 10.0.26100.8875 (excl.)
Vendor Microsoft
Product Windows 11 version 26H1
Versions
  • affected from 10.0.28000.0 to 10.0.28000.2525 (excl.)

References

Problem Types