Vulnerability in Windows File System Proxy (WinFsp)
13 July 2026
CSA has issued a CVE ID to a vulnerability reported in WinFsp as part of CSA’s Responsible Vulnerability Disclosure Policy. Users and administrators of the affected product versions are advised to update to the latest version immediately.
Background
CSA has issued a CVE ID (CVE-2026-7162) to a vulnerability reported in WinFsp, an open-source Windows file system software. The Product Owner of WinFsp has released a security update to address it.
Impact
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 7.8 out of 10.
Affected Products
The vulnerability affects WinFsp versions 2.2.26112 and earlier.
Mitigation
Users and administrators of affected product versions are advised to update to the latest version immediately. Please refer to the update here.
Special Thanks to:
Informers: Tay Kiat Loong and uhg
Product Owner: WinFsp
References
