CVE-2026-47291: Integer overflow or wraparound in Windows HTTP.sys allows

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

• EPSS 0.2% (39.8% percentile)
• CVSS 9.8 critical

Related briefings

• Microsoft patches 206 flaws, four critical bugs likely to be exploited 2026-06-10

Browse the CVE database

Read the full analysis on IntelFusions