Sign in Subscribe

← All advisories

Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Apr 22, 2026

Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability

CVE-2026-25166

Description

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.

Affected products

5

Microsoft/Windows ADK for Windows 10, version 2004v5
Range: -
Microsoft/Windows ADK for Windows 11, version 22H2v5
Range: -
Microsoft/Windows ADK for Windows 11, version 23H2v5
Range: -
Microsoft/Windows ADK for Windows 11, version 24H2v5
Range: -
Microsoft/Windows ADK for Windows Server 2022v5
Range: -

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25166mitrevendor-advisorypatch

News mentions

0

No linked articles in our index yet.