Black & White Path

May 18, 2026 · Information Security

Windows Kernel LPE (CVE‑2026‑40369) PoC: Privilege Escalation from Chrome Sandbox

CVE‑2026‑40369 is an arbitrary kernel‑address write bug in ntoskrnl.exe that lets a low‑privilege attacker invoke NtQuerySystemInformation from the Chrome sandbox to gain SYSTEM rights on vulnerable Windows 11 and Server 2025 builds, with a fully functional PoC released on GitHub.