highCVE-2026-58529

CVE-2026-58529 windows 11 26h1 vulnerability

Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.

Productwindows 11 26h1
CVSS7.1
EPSS0.00947
UpdatedJuly 17, 2026

Quick answer

microsoft windows 11 26h1 should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network. This affects Windows systems using AD FS and can expose information over the network. Patch AD FS servers first because they often sit on important identity paths. Limit network access to identity services and review sign-in logs for unusual activity.

  1. Identify AD FS servers and Windows systems affected by CVE-2026-58529.
  2. Apply the latest Microsoft security update through your approved patch process.
  3. Prioritize internet-facing or federation-facing AD FS servers.
  4. Restrict AD FS management and service access to approved networks.
  5. Review federation, sign-in, and Windows event logs for unusual requests.
  6. Confirm TLS, WAF, and proxy controls are working as expected.
  7. Reboot patched systems if required and monitor sign-in health.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm each affected AD FS server has the Microsoft update installed.
  • Check that AD FS access paths for CVE-2026-58529 are limited to expected networks.
  • Run a safe sign-in test after patching to confirm federation still works.
  • Review logs for abnormal errors or access attempts after the update.
  • Save patch, reboot, and sign-in test evidence.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-58529?

microsoft windows 11 26h1 should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

How are Fixnx security risk categories chosen?

Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.