CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 131 of 148
- CVE-2026-23671HIGHCVSS 7.0EG 7.02026-03-10
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-23883CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious se…
- CVE-2026-23884CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trig…
- CVE-2026-24082HIGHCVSS 7.8EG 7.82026-05-04
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
- CVE-2026-24187HIGHCVSS 8.8EG 8.82026-05-26
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tam…
- CVE-2026-24200HIGHCVSS 7.0EG 7.02026-05-26
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges…
- CVE-2026-24266HIGHCVSS 7.5EG 5.92026-07-01
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
- CVE-2026-24285HIGHCVSS 7.0EG 7.02026-03-10
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
- CVE-2026-24289HIGHCVSS 7.8EG 7.82026-03-10
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-24292HIGHCVSS 7.8EG 7.82026-03-10
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2026-24295HIGHCVSS 7.0EG 7.02026-03-10
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-2441HIGHCVSS 8.8EG 9.0⚠ KEV2026-02-13
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-24491HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerabi…
- CVE-2026-24675HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interfa…
- CVE-2026-24676HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_c…
- CVE-2026-24677CRITICALCVSS 9.1EG 9.12026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. T…
- CVE-2026-24678HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This …
- CVE-2026-24680HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.…
- CVE-2026-24681HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. Thi…
- CVE-2026-24683HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callbac…
- CVE-2026-24684HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat…
- CVE-2026-24869HIGHCVSS 8.8EG 8.12026-01-27
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.
- CVE-2026-24914MEDIUMCVSS 4.0EG 4.02026-02-06
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24917MEDIUMCVSS 6.5EG 6.52026-02-06
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24927MEDIUMCVSS 5.5EG 5.52026-02-06
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24930HIGHCVSS 8.4EG 8.42026-02-06
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-25087HIGHCVSS 7.0EG 7.02026-02-17
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file conta…
- CVE-2026-25167HIGHCVSS 7.4EG 7.42026-03-10
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-25170HIGHCVSS 7.0EG 7.02026-03-10
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2026-25171HIGHCVSS 7.0EG 7.02026-03-10
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
- CVE-2026-25178HIGHCVSS 7.0EG 7.02026-03-10
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-25189HIGHCVSS 7.8EG 7.82026-03-10
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-25507MEDIUMCVSS 6.3EG 6.32026-02-04
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport (protocomm_ble) layer. The issue can …
- CVE-2026-26107HIGHCVSS 7.8EG 7.82026-03-10
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26132HIGHCVSS 7.8EG 7.82026-03-10
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-26134HIGHCVSS 7.8EG 7.82026-03-10
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
- CVE-2026-26165HIGHCVSS 7.0EG 7.02026-04-14
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
- CVE-2026-26167HIGHCVSS 8.8EG 8.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- CVE-2026-26168HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-26172HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- CVE-2026-26173HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-26174HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-26177HIGHCVSS 7.0EG 7.02026-04-14
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-26181HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-26182HIGHCVSS 7.0EG 7.02026-04-14
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-2660LOWCVSS 3.3EG 3.32026-02-18
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this at…
- CVE-2026-27283HIGHCVSS 7.8EG 7.82026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha…
- CVE-2026-27292HIGHCVSS 7.8EG 7.82026-04-14
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi…
- CVE-2026-2758CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2763CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →