CVE-2026-48581 (GCVE-0-2026-48581)
Vulnerability from cvelistv5 – Published: 2026-07-14 17:05 – Updated: 2026-07-14 19:37
VLAI
EPSS
VEX
Title
Surface Broker SDMA Elevation of Privilege Vulnerability
Summary
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Surface Go |
Affected:
-
|
|
| Microsoft | Microsoft Surface Hub |
Affected:
-
|
|
| Microsoft | Microsoft Surface Laptop Go |
Affected:
-
|
|
| Microsoft | Microsoft Surface Laptop Go 3 |
Affected:
-
|
|
| Microsoft | Microsoft Surface Pro |
Affected:
-
|
|
| Microsoft | Microsoft Surface Pro 8 |
Affected:
-
|
|
| Microsoft | Surface Laptop 4 with AMD Processor |
Affected:
-
|
|
| Microsoft | Surface Laptop 4 with Intel Processor |
Affected:
-
|
|
| Microsoft | Surface Windows Dev Kit |
Affected:
-
|
Date Public
2026-07-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T17:45:08.772218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:57:21.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Surface Go",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Microsoft Surface Hub",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Microsoft Surface Laptop Go",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Microsoft Surface Laptop Go 3",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Microsoft Surface Pro",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Microsoft Surface Pro 8",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Surface Laptop 4 with AMD Processor",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Surface Laptop 4 with Intel Processor",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Surface Windows Dev Kit",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microsoft:surface_windows_dev_kit:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_hub:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_laptop_go_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_laptop_4_AMD_processor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_go_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_laptop_4_intel_processor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_pro_8:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_laptop_go_3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_go_3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:microsoft:surface_pro_7:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-07-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:37:54.058Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Surface Broker SDMA Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48581"
}
],
"title": "Surface Broker SDMA Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-48581",
"datePublished": "2026-07-14T17:05:46.776Z",
"dateReserved": "2026-05-21T20:00:35.246Z",
"dateUpdated": "2026-07-14T19:37:54.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-48581\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-07-14T17:16:50.767\",\"lastModified\":\"2026-07-14T20:34:49.033\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Surface Go\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Surface Hub\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Surface Laptop Go\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Surface Laptop Go 3\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Surface Pro\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Surface Pro 8\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Surface Laptop 4 with AMD Processor\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Surface Laptop 4 with Intel Processor\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Surface Windows Dev Kit\",\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-14T17:45:08.772218Z\",\"id\":\"CVE-2026-48581\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1220\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48581\",\"source\":\"secure@microsoft.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48581\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-14T17:45:08.772218Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-14T17:45:09.739Z\"}}], \"cna\": {\"title\": \"Surface Broker SDMA Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Go\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Hub\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Laptop Go\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Laptop Go 3\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Pro 8\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Surface Laptop 4 with AMD Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Surface Laptop 4 with Intel Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Surface Windows Dev Kit\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}], \"datePublic\": \"2026-07-14T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48581\", \"name\": \"Surface Broker SDMA Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-1220\", \"description\": \"CWE-1220: Insufficient Granularity of Access Control\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:microsoft:surface_windows_dev_kit:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_hub:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_go_2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_4_AMD_processor:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_go_2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_4_intel_processor:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_pro_8:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_go_3:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_go_3:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_pro_7:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-07-14T19:37:54.058Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-48581\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-14T19:37:54.058Z\", \"dateReserved\": \"2026-05-21T20:00:35.246Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-07-14T17:05:46.776Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…