Critical Vulnerability Discovered in WinFsp File System Software

Critical Vulnerability Discovered in WinFsp File System Software

First seen 13 Jul 2026, 08:14 UTC Csa.Sg 100% similarity 72.0

Article Content

Browse articles
ThreatCluster

The Cyber Security Agency (CSA) has issued a CVE ID (CVE-2026-7162) for a critical vulnerability in WinFsp, an open-source Windows file system software. This integer overflow vulnerability could allow attackers to gain system-level access to affected systems. The vulnerability impacts WinFsp versions 2.2.26112 and earlier, and has a CVSS score of 7.8, indicating a high severity level. Users and administrators are strongly advised to update to the latest version immediately to mitigate risks. The Product Owner of WinFsp has already released a security update to address this issue. The vulnerability was disclosed as part of CSA's Responsible Vulnerability Disclosure Policy. Immediate action is recommended to prevent potential exploitation.

Key Points: • CVE-2026-7162 identifies a critical integer overflow vulnerability in WinFsp. • Affected versions include WinFsp 2.2.26112 and earlier, with a CVSS score of 7.8. • Users must update to the latest version immediately to avoid system-level access risks.

ThreatCluster AI

Timeline

2026-07-13
CVE-2026-7162 published
CSA issued a CVE ID for a critical vulnerability in WinFsp, affecting versions 2.2.26112 and earlier.
Csa.Sg
2026-07-13
Security update released
The Product Owner of WinFsp released a security update to address the identified vulnerability.
Csa.Sg

Community

Browse all →