Main Vulnerability Database Exploits ID:12521 - Exploit for Incorrect permission assignment for critical resource in Windows and Windows Server - CVE-2026-24291

ID:12521 - Exploit for Incorrect permission assignment for critical resource in Windows and Windows Server - CVE-2026-24291

Published: April 1, 2026

Vulnerability identifier: #VU123703

Vulnerability risk: Low

CVE-ID: CVE-2026-24291

CWE-ID: CWE-732

Exploitation vector: Local access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://github.com/tracyliving606/RegPwn

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe). A local user can gain elevated privileges on the target system.

Remediation

Install updates from vendor's website.

ID:12521 - Exploit for Incorrect permission assignment for critical resource in Windows and Windows Server - CVE-2026-24291

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human