Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2026-40380 · Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

Severity
Important
Impact
Remote Code Execution
CVSS
6.2 base · 5.4 temporal
Release
2026-05-12
Signals
Windows Volume Manager Extension Driver Remote Code Execution Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-197: Numeric Truncation Error
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
FAQ / Articles
FAQ
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users. Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.
Volume Manager Extension Driver Remote Code Execution Vulnerability
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.