{"uuid": "11072dbb-4f82-4913-a055-b7d18272ee85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47291", "type": "seen", "source": "https://gist.github.com/alon710/3857e96eb1a5fc647ae4f1afa6b9f61c", "content": "# CVE-2026-47291: CVE-2026-47291: Remote Code Execution in Windows HTTP.sys Kernel Driver\n\n&gt; **CVSS Score:** 9.8\n&gt; **Published:** 2026-06-09\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47291\n\n## Summary\nAn integer overflow vulnerability in the Windows kernel-mode HTTP driver (HTTP.sys) allows an unauthenticated remote attacker to execute arbitrary code with kernel privileges or cause a Denial of Service via a specially crafted sequence of HTTP request headers.\n\n## TL;DR\nUnauthenticated remote code execution (RCE) in Windows HTTP.sys via integer overflow in header capacity allocation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-190, CWE-122\n- **Attack Vector**: Network (Unauthenticated)\n- **CVSS Score**: 9.8 (Critical)\n- **EPSS Score**: 0.21506 (21.51%)\n- **Impact**: Remote Code Execution (Ring 0 / SYSTEM)\n- **Exploit Status**: PoC Available / Actively Traded\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Windows 10\n- Windows 11\n- Windows Server 2012\n- Windows Server 2012 R2\n- Windows Server 2016\n- Windows Server 2019\n- Windows Server 2022\n- Windows Server 2025\n- **Windows 10**: &lt; 10.0.14393.9234 (Fixed in: `10.0.14393.9234`)\n- **Windows 11**: &lt; 10.0.22631.7219 (Fixed in: `10.0.22631.7219`)\n- **Windows Server 2022**: &lt; 10.0.20348.5256 (Fixed in: `10.0.20348.5256`)\n- **Windows Server 2025**: &lt; 10.0.26100.32995 (Fixed in: `10.0.26100.32995`)\n\n## Mitigation\n\n- Apply June 2026 cumulative Windows security update\n- Deploy Web Application Firewall (WAF) or reverse proxy to restrict maximum header count and size\n- Configure IIS registry limits for maximum request header lengths\n\n**Remediation Steps:**\n1. Locate the appropriate KB update package matching your Windows Server or Windows client build version.\n2. Initiate installation of the cumulative update package on all targeted systems.\n3. Reboot host endpoints to ensure the updated HTTP.sys kernel driver is loaded successfully.\n4. In non-patchable environments, configure HKLM\\System\\CurrentControlSet\\Services\\HTTP\\Parameters with restricted MaxFieldLength values.\n\n## References\n\n- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291)\n- [CVE Record Details](https://www.cve.org/CVERecord?id=CVE-2026-47291)\n- [dhmosfunk GitHub Repository](https://github.com/dhmosfunk/CVE-2026-49160-CVE-2026-47291-HTTP.sys)\n- [ManagerEmpty GitHub Repository](https://github.com/ManagerEmpty/CVE-2026-47291-httpsys)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47291) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T07:58:48.825234Z"}