CVE-2026-21253
msfs.sys — use-after-free in Mailslot File System allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | msfs.sys (Mailslot File System) |
| Vulnerability Class | Use-After-Free |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | February 11, 2026 |
Root Cause
The Mailslot File System driver mismanages object lifetimes during mailslot operations. A freed object is dereferenced through a stale pointer, and kernel memory corruption follows.
Exploitation
The attacker triggers the UAF through crafted mailslot operations. Heap spraying reclaims the freed memory for SYSTEM privilege escalation.
Exploitation Primitive
Crafted mailslot operation → UAF → heap reclaim
→ kernel corruption → SYSTEM