Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C -
affected
-
affected
-
affected
-
affected
-
affected
-
affected
-
affected
-
affected
-
affected
Description
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.
Problem types
CWE-1220: Insufficient Granularity of Access Control
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48581 (Surface Broker SDMA Elevation of Privilege Vulnerability)