CVE-2026-42915: Windows TCP/IP Denial of Service Vulnerability

Published Jun 9, 2026
·
Updated

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

Other sources

Windows TCP/IP Denial of Service Vulnerability

Microsoft

Affected Software

35 affected componentsFixes available
Microsoft Windows TCP/IP Stack
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows Server 2025
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows 11=26H1
Patch available
Microsoft Windows Server 2022
Patch available
Microsoft Windows 11=24H2
Patch available
Microsoft Windows 11=26H1
Patch available
Microsoft Windows Server 2025
Patch available
Microsoft Windows 11=23H2
Patch available
Microsoft Windows 11=25H2
Patch available
Microsoft Windows 11=25H2
Patch available
Microsoft Windows 11=23H2
Patch available
Microsoft Windows 11=24H2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows Server 2022
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows 10 21h2<10.0.19044.7417
Microsoft Windows 10 21h2<10.0.19044.7417
Microsoft Windows 10 21h2<10.0.19044.7417
Microsoft Windows 10 22h2<10.0.19045.7417
Microsoft Windows 10 22h2<10.0.19045.7417
Microsoft Windows 10 22h2<10.0.19045.7417
Microsoft Windows 11 23h2<10.0.22631.7219
Microsoft Windows 11 23h2<10.0.22631.7219
Microsoft Windows 11 24h2<10.0.26100.8655
Microsoft Windows 11 24h2<10.0.26100.8655
Microsoft Windows 11 25h2<10.0.26200.8655
Microsoft Windows 11 25h2<10.0.26200.8655
Microsoft Windows 11 26h1<10.0.28000.2269
Microsoft Windows 11 26h1<10.0.28000.2269
Microsoft Windows Server 2022<10.0.20348.5256
Microsoft Windows Server 2025<10.0.26100.32995

Event History

Jun 9, 2026
CVE Published
via Microsoft·02:00 PM
Data Sourced
via Microsoft·02:00 PM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·02:00 PM
Affected Software
Updated
via Microsoft·02:00 PM
Description
CVE Published
via MITRE·05:06 PM
Data Sourced
via MITRE·05:06 PM
DescriptionSeverity
Data Sourced
via NVD·05:17 PM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-42915?

CVE-2026-42915 has a medium severity rating, scoring 5.7 on the CVSS scale.

2

What systems are affected by CVE-2026-42915?

CVE-2026-42915 affects Microsoft Windows 10, Windows 11, Windows Server 2022, Windows Server 2025, and the Microsoft Windows TCP/IP Stack.

3

How can I mitigate the risk of CVE-2026-42915?

To mitigate CVE-2026-42915, apply the latest updates and patches provided by Microsoft for the affected systems.

4

What type of attack does CVE-2026-42915 enable?

CVE-2026-42915 allows an authorized attacker to launch a denial of service attack over an adjacent network.

5

What causes CVE-2026-42915?

CVE-2026-42915 is caused by an incorrect calculation of buffer size in the Windows TCP/IP protocol stack.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203