Windows Hyper-V
by Microsoft
CVEs (40)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8490 | Hig | 0.55 | 8.4 | 0.04 | Oct 10, 2018 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10,… | ||
| CVE-2026-47652 | Hig | 0.53 | 8.2 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2017-0193 | Hig | 0.51 | 7.8 | 0.01 | Jun 15, 2017 | Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating… | ||
| CVE-2017-0212 | Hig | 0.49 | 7.6 | 0.01 | May 12, 2017 | Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability". | ||
| CVE-2026-42972 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally. | ||
| CVE-2017-0169 | Med | 0.35 | 5.4 | 0.02 | Apr 12, 2017 | An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information… | ||
| CVE-2025-21333 | 0.21 | — | 0.10 | KEV | Jan 14, 2025 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||
| CVE-2026-21244 | 0.03 | — | 0.01 | Feb 10, 2026 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | |||
| CVE-2024-43521 | 0.01 | — | 0.02 | Oct 8, 2024 | Windows Hyper-V Denial of Service Vulnerability | |||
| CVE-2023-36427 | 0.01 | — | 0.01 | Nov 14, 2023 | Windows Hyper-V Elevation of Privilege Vulnerability | |||
| CVE-2022-26785 | 0.01 | — | 0.02 | Apr 15, 2022 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | |||
| CVE-2022-26783 | 0.01 | — | 0.02 | Apr 15, 2022 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | |||
| CVE-2022-24539 | 0.01 | — | 0.03 | Apr 15, 2022 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | |||
| CVE-2022-24490 | 0.01 | — | 0.03 | Apr 15, 2022 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | |||
| CVE-2021-28444 | 0.01 | — | 0.02 | Apr 13, 2021 | Windows Hyper-V Security Feature Bypass Vulnerability | |||
| CVE-2020-0910 | 0.01 | — | 0.09 | Apr 15, 2020 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | |||
| CVE-2026-21255 | 0.00 | — | 0.00 | Feb 10, 2026 | Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-54092 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-48002 | 0.00 | — | 0.01 | Jul 8, 2025 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network. | |||
| CVE-2025-24050 | 0.00 | — | 0.01 | Mar 11, 2025 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
- risk 0.55cvss 8.4epss 0.04
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10,…
- risk 0.53cvss 8.2epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating…
- risk 0.49cvss 7.6epss 0.01
Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
- risk 0.35cvss 5.4epss 0.02
An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information…
- risk 0.21cvss —epss 0.10
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CVE-2026-21244Feb 10, 2026risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2024-43521Oct 8, 2024risk 0.01cvss —epss 0.02
Windows Hyper-V Denial of Service Vulnerability
- CVE-2023-36427Nov 14, 2023risk 0.01cvss —epss 0.01
Windows Hyper-V Elevation of Privilege Vulnerability
- CVE-2022-26785Apr 15, 2022risk 0.01cvss —epss 0.02
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
- CVE-2022-26783Apr 15, 2022risk 0.01cvss —epss 0.02
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
- CVE-2022-24539Apr 15, 2022risk 0.01cvss —epss 0.03
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
- CVE-2022-24490Apr 15, 2022risk 0.01cvss —epss 0.03
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
- CVE-2021-28444Apr 13, 2021risk 0.01cvss —epss 0.02
Windows Hyper-V Security Feature Bypass Vulnerability
- CVE-2020-0910Apr 15, 2020risk 0.01cvss —epss 0.09
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.
- CVE-2026-21255Feb 10, 2026risk 0.00cvss —epss 0.00
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
- CVE-2025-54092Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-48002Jul 8, 2025risk 0.00cvss —epss 0.01
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
- CVE-2025-24050Mar 11, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Page 1 of 2