🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-49168 is an integer overflow vulnerability in Windows Storage Spaces Direct, a feature used in Azure Stack HCI and Windows Server clusters for software-defined storage. It allows an attacker with physical access to a machine to exploit the flaw and gain elevated privileges on the system. Whilst physical access is a prerequisite — limiting opportunistic remote exploitation — the risk is significant in shared or co-located infrastructure environments.

Security Architect’s Take: Prioritise patching any Windows Server or Azure Stack HCI nodes running Storage Spaces Direct, particularly in co-location facilities or edge deployments where physical access controls may be weaker. Review your physical security posture and ensure data centre access logs are audited for unauthorised access attempts.

Original advisory: CVE-2026-49168 Storage Spaces Direct Elevation of Privilege Vulnerability