CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 129 of 148
- CVE-2026-20858HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20859HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- CVE-2026-20861HIGHCVSS 7.8EG 7.82026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20865HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20867HIGHCVSS 7.8EG 7.82026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20870HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- CVE-2026-20871HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
- CVE-2026-20873HIGHCVSS 7.8EG 7.82026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20874HIGHCVSS 7.8EG 7.82026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20877HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20918HIGHCVSS 7.8EG 7.82026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20920HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- CVE-2026-20923HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20924HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-20950HIGHCVSS 7.8EG 7.82026-01-13
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20952HIGHCVSS 8.4EG 8.42026-01-13
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20953HIGHCVSS 8.4EG 8.42026-01-13
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20968MEDIUMCVSS 6.7EG 6.72026-01-09
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
- CVE-2026-20971HIGHCVSS 7.8EG 7.82026-01-09
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
- CVE-2026-21219HIGHCVSS 7.0EG 7.02026-01-13
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- CVE-2026-21221HIGHCVSS 7.0EG 7.02026-01-13
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2026-21235HIGHCVSS 7.3EG 7.32026-02-10
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2026-21237HIGHCVSS 7.0EG 7.02026-02-10
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
- CVE-2026-21241HIGHCVSS 7.0EG 7.02026-02-10
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-21242HIGHCVSS 7.0EG 7.02026-02-10
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
- CVE-2026-21251HIGHCVSS 7.8EG 7.82026-02-10
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
- CVE-2026-21253HIGHCVSS 7.0EG 7.02026-02-10
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-21287HIGHCVSS 7.8EG 7.82026-01-13
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
- CVE-2026-21320HIGHCVSS 7.8EG 7.82026-02-10
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim …
- CVE-2026-21323HIGHCVSS 7.8EG 7.82026-02-10
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim …
- CVE-2026-21326HIGHCVSS 7.8EG 7.82026-02-10
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim …
- CVE-2026-21329HIGHCVSS 7.8EG 7.82026-02-10
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim …
- CVE-2026-21351HIGHCVSS 7.8EG 7.82026-02-10
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim …
- CVE-2026-21380HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
- CVE-2026-21486HIGHCVSS 7.8EG 7.82026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabi…
- CVE-2026-21675CRITICALCVSS 9.8EG 9.82026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixe…
- CVE-2026-21908HIGHCVSS 7.1EG 7.12026-01-15
A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd …
- CVE-2026-21921MEDIUMCVSS 6.5EG 6.52026-01-15
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collect…
- CVE-2026-22165HIGHCVSS 8.1EG 8.12026-05-01
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has sys…
- CVE-2026-22166HIGHCVSS 8.1EG 9.62026-05-01
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has syste…
- CVE-2026-22264HIGHCVSS 7.4EG 7.42026-01-27
Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and …
- CVE-2026-22851MEDIUMCVSS 5.9EG 5.92026-01-14
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer…
- CVE-2026-22856HIGHCVSS 8.1EG 8.12026-01-14
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another read…
- CVE-2026-22857CRITICALCVSS 9.8EG 9.82026-01-14
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is …
- CVE-2026-22980HIGHCVSS 7.8EG 7.82026-01-23
In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl…
- CVE-2026-22995HIGHCVSS 7.8EG 7.82026-01-23
In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free …
- CVE-2026-23001HIGHCVSS 7.8EG 7.82026-01-25
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must c…
- CVE-2026-23010HIGHCVSS 7.8EG 7.82026-01-25
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr(…
- CVE-2026-23012HIGHCVSS 7.8EG 7.82026-01-25
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping…
- CVE-2026-23013HIGHCVSS 7.0EG 7.82026-01-25
In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails p…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →