Windows Virtualization-Based Security (VBS) Enclave
by Microsoft
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47159 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-21370 | Hig | 0.51 | 7.8 | 0.00 | Jan 14, 2025 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | ||
| CVE-2024-49076 | Hig | 0.51 | 7.8 | 0.01 | Dec 12, 2024 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | ||
| CVE-2025-48811 | Med | 0.44 | 6.7 | 0.00 | Jul 8, 2025 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48803 | Med | 0.44 | 6.7 | 0.00 | Jul 8, 2025 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-27735 | Med | 0.39 | 6.0 | 0.00 | Apr 8, 2025 | Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-23670 | Med | 0.37 | 5.7 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2025-21340 | Med | 0.36 | 5.5 | 0.00 | Jan 14, 2025 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | ||
| CVE-2026-20935 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-20938 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20819 | 0.00 | — | 0.01 | Jan 13, 2026 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. |
- risk 0.51cvss 7.8epss 0.00
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
- risk 0.44cvss 6.7epss 0.00
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.39cvss 6.0epss 0.00
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
- risk 0.37cvss 5.7epss 0.00
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
- risk 0.36cvss 5.5epss 0.00
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
- CVE-2026-20935Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
- CVE-2026-20938Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- CVE-2026-20819Jan 13, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.