U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2026-40400

Change History

Initial Analysis by NIST 7/16/2026 3:44:39 PM

Action Type Old Value New Value
Added CPE Configuration

                  
                
              
OR
          *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.28000.2269
          *cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.28000.2269
          *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.9339
          *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.9339
          *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.9020
          *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.9020
          *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.26100.8875
          *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26100.8875
          *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26100.33158
          *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19044.7548
          *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19044.7548
          *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19044.7548
          *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19045.7548
          *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19045.7548
          *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19045.7548
          *cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.26200.8875
          *cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26200.8875
          *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.20348.5386
          *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:* versions up to (excluding) 10.0.14393.9339
          *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:* versions up to (excluding) 10.0.17763.9020
Added Reference Type

                  
                
              
Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40400 Types: Patch, Vendor Advisory