Windows HTTP.sys
by Microsoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1635 | Cri | 0.87 | 9.8 | 1.00 | KEV | Apr 14, 2015 | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." | |
| CVE-2026-47291 | Cri | 0.64 | 9.8 | 0.22 | Jun 9, 2026 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-20929 | 0.00 | — | 0.01 | Jan 13, 2026 | Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2022-41057 | 0.00 | — | 0.01 | Nov 9, 2022 | Windows HTTP.sys Elevation of Privilege Vulnerability |
- risk 0.87cvss 9.8epss 1.00
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
- risk 0.64cvss 9.8epss 0.22
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
- CVE-2026-20929Jan 13, 2026risk 0.00cvss —epss 0.01
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
- CVE-2022-41057Nov 9, 2022risk 0.00cvss —epss 0.01
Windows HTTP.sys Elevation of Privilege Vulnerability