Windows 11 vulnerabilities: known CVEs & security history
Microsoft · Operating System · 599 tracked CVEs · 1 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Windows 11 release lines — 599 in total, with 1 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Windows 11's current status and the safe version to run.
Known Windows 11 CVEs
Actively-exploited and most-severe first. Showing the top 80 of 599. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2021-40449⚡ exploited | high | 7.8 | 74% | 2021 |
| CVE-2023-29412 | critical | 9.8 | 1% | 2023 |
| CVE-2023-29411 | critical | 9.8 | 1% | 2023 |
| CVE-2022-42971 | critical | 9.8 | 1% | 2023 |
| CVE-2022-42970 | critical | 9.8 | 1% | 2023 |
| CVE-2022-34722 | critical | 9.8 | 2% | 2022 |
| CVE-2022-34721 | critical | 9.8 | 79% | 2022 |
| CVE-2022-34718 | critical | 9.8 | 49% | 2022 |
| CVE-2022-30133 | critical | 9.8 | 2% | 2022 |
| CVE-2022-29130 | critical | 9.8 | 3% | 2022 |
| CVE-2022-22012 | critical | 9.8 | 4% | 2022 |
| CVE-2022-26809 | critical | 9.8 | 92% | 2022 |
| CVE-2022-24497 | critical | 9.8 | 35% | 2022 |
| CVE-2022-24491 | critical | 9.8 | 34% | 2022 |
| CVE-2022-21907 | critical | 9.8 | 93% | 2022 |
| CVE-2022-21849 | critical | 9.8 | 6% | 2022 |
| CVE-2021-43215 | critical | 9.8 | 3% | 2021 |
| CVE-2025-55526 | critical | 9.1 | 1% | 2025 |
| CVE-2022-21901 | critical | 9 | 1% | 2022 |
| CVE-2021-26443 | critical | 9 | 2% | 2021 |
| CVE-2022-41048 | high | 8.8 | 1% | 2022 |
| CVE-2022-41047 | high | 8.8 | 1% | 2022 |
| CVE-2022-38045 | high | 8.8 | 2% | 2022 |
| CVE-2022-38040 | high | 8.8 | 1% | 2022 |
| CVE-2022-38034 | high | 8.8 | 3% | 2022 |
| CVE-2022-38031 | high | 8.8 | 1% | 2022 |
| CVE-2022-38016 | high | 8.8 | 0% | 2022 |
| CVE-2022-37982 | high | 8.8 | 1% | 2022 |
| CVE-2022-37975 | high | 8.8 | 1% | 2022 |
| CVE-2022-35841 | high | 8.8 | 3% | 2022 |
| CVE-2022-35840 | high | 8.8 | 2% | 2022 |
| CVE-2022-35836 | high | 8.8 | 2% | 2022 |
| CVE-2022-35835 | high | 8.8 | 2% | 2022 |
| CVE-2022-35834 | high | 8.8 | 2% | 2022 |
| CVE-2022-34734 | high | 8.8 | 2% | 2022 |
| CVE-2022-34733 | high | 8.8 | 2% | 2022 |
| CVE-2022-34732 | high | 8.8 | 2% | 2022 |
| CVE-2022-34731 | high | 8.8 | 2% | 2022 |
| CVE-2022-34730 | high | 8.8 | 2% | 2022 |
| CVE-2022-34727 | high | 8.8 | 2% | 2022 |
| CVE-2022-34726 | high | 8.8 | 2% | 2022 |
| CVE-2022-35804 | high | 8.8 | 2% | 2022 |
| CVE-2022-34691 | high | 8.8 | 2% | 2022 |
| CVE-2022-30221 | high | 8.8 | 2% | 2022 |
| CVE-2022-30216 | high | 8.8 | 88% | 2022 |
| CVE-2022-22026 | high | 8.8 | 1% | 2022 |
| CVE-2022-30165 | high | 8.8 | 4% | 2022 |
| CVE-2022-30161 | high | 8.8 | 2% | 2022 |
| CVE-2022-30153 | high | 8.8 | 2% | 2022 |
| CVE-2022-29141 | high | 8.8 | 3% | 2022 |
| CVE-2022-29139 | high | 8.8 | 2% | 2022 |
| CVE-2022-29137 | high | 8.8 | 2% | 2022 |
| CVE-2022-29133 | high | 8.8 | 1% | 2022 |
| CVE-2022-29131 | high | 8.8 | 3% | 2022 |
| CVE-2022-29129 | high | 8.8 | 3% | 2022 |
| CVE-2022-29128 | high | 8.8 | 3% | 2022 |
| CVE-2022-26927 | high | 8.8 | 4% | 2022 |
| CVE-2022-22019 | high | 8.8 | 2% | 2022 |
| CVE-2022-22017 | high | 8.8 | 37% | 2022 |
| CVE-2022-22014 | high | 8.8 | 2% | 2022 |
| CVE-2022-22013 | high | 8.8 | 2% | 2022 |
| CVE-2022-24541 | high | 8.8 | 3% | 2022 |
| CVE-2022-24528 | high | 8.8 | 2% | 2022 |
| CVE-2022-24500 | high | 8.8 | 39% | 2022 |
| CVE-2022-24492 | high | 8.8 | 3% | 2022 |
| CVE-2022-24487 | high | 8.8 | 2% | 2022 |
| CVE-2022-23257 | high | 8.8 | 1% | 2022 |
| CVE-2022-24508 | high | 8.8 | 3% | 2022 |
| CVE-2022-23294 | high | 8.8 | 2% | 2022 |
| CVE-2022-21990 | high | 8.8 | 19% | 2022 |
| CVE-2022-21984 | high | 8.8 | 5% | 2022 |
| CVE-2022-21922 | high | 8.8 | 3% | 2022 |
| CVE-2022-21920 | high | 8.8 | 3% | 2022 |
| CVE-2022-21857 | high | 8.8 | 2% | 2022 |
| CVE-2022-21851 | high | 8.8 | 3% | 2022 |
| CVE-2022-21850 | high | 8.8 | 3% | 2022 |
| CVE-2021-42283 | high | 8.8 | 0% | 2021 |
| CVE-2021-42275 | high | 8.8 | 2% | 2021 |
| CVE-2021-38666 | high | 8.8 | 13% | 2021 |
| CVE-2021-36970 | high | 8.8 | 3% | 2021 |
519 older / lower-severity CVEs not shown — see Windows 11's full record.
Is my Windows 11 version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Windows 11 version → · Monitor Windows 11 for new CVEs →
Windows 11 vulnerabilities — frequently asked
How many known vulnerabilities does Windows 11 have?
IsItPatched tracks 599 CVEs for Windows 11, 1 of which is actively exploited (CISA KEV). 19 are critical-severity and 435 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Windows 11 have any actively-exploited vulnerabilities?
Yes — 1 Windows 11 CVE is in CISA's Known Exploited Vulnerabilities catalog, meaning it is confirmed exploited in the wild (1 linked to ransomware). Patch it as a priority.
What is the most severe Windows 11 vulnerability?
Among tracked issues, CVE-2021-40449 (HIGH, CVSS 7.8), which is actively exploited, ranks highest — a Use-after-free weakness.
Is Windows 11 safe to use?
It depends on the version. The latest supported Windows 11 release (10.0.28000) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Windows 11 security status · Windows 11 end-of-life · actively-exploited CVEs. Always verify against Microsoft's advisories — see our disclaimer.