CVE-2026-56186 - Windows Secure Channel Information Disclosure Vulnerability - is an out-of-bounds read issue affecting Windows Secure Channel. Microsoft rates it as an information disclosure vulnerability with CVSS v3.1 base score 8.1 (High) and temporal score 7.1. The vector is network-based, requires low privileges, and no user interaction (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). Microsoft lists the exploit status as not publicly disclosed and not exploited, with exploit code maturity unproven. Customer action is required. This is relevant for enterprise environments because it is remotely reachable over the network, although attacker privileges are still required. Highlights: - CVSS scores: Base 8.1 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Information Disclosure with HIGH confidentiality impact, NONE integrity impact, and HIGH availability impact. - Exploitation likelihood: Exploitation Unlikely; network vector with LOW attack complexity, LOW privileges required, and NO user interaction, but no public exploitation reported. - Severity for enterprise: High due to network attack vector and no user interaction, but reduced relative to unauthenticated remote issues because low privileges are required and Microsoft does not indicate active exploitation. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025