CVE-2026-23761

N/A Unknown

📋 TL;DR

This vulnerability allows local unprivileged users to trigger a kernel crash (Blue Screen of Death) on Windows systems running affected VB-Audio software. The flaw exists in virtual audio drivers that improperly initialize file object context, leading to denial-of-service when the invalid value is dereferenced. All users of VB-Audio Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, VB-Audio Matrix, and Matrix Coconut with vulnerable versions are affected.

💻 Affected Systems

Products:
  • VB-Audio Voicemeeter
  • Voicemeeter Banana
  • Voicemeeter Potato
  • VB-Audio Matrix
  • Matrix Coconut
Versions: Voicemeeter: versions ending in 1.1.1.9 and earlier; Voicemeeter Banana: versions ending in 2.1.1.9 and earlier; Voicemeeter Potato: versions ending in 3.1.1.9 and earlier; VB-Audio Matrix: versions ending in 1.0.2.2 and earlier; Matrix Coconut: versions ending in 2.0.2.2 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the vulnerable virtual audio drivers to be installed and active. The drivers are: vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash requiring reboot, potential data loss from unsaved work, and disruption of audio-dependent services.

🟠 Likely Case

Local denial-of-service causing system instability and requiring reboot, affecting productivity and system availability.

🟢 If Mitigated

Minimal impact if systems are patched or workarounds applied, with only authorized users able to trigger the crash.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring user interaction or local execution.
🏢 Internal Only: MEDIUM - Internal users with local access can cause system crashes, but requires specific software installation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and knowledge of the special file attribute value. Public proof-of-concept code is available in the GitHub repository referenced in the CVE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor website for latest versions beyond the vulnerable version numbers listed

Vendor Advisory: https://forum.vb-audio.com/viewtopic.php?p=7574#p7574

Restart Required: Yes

Instructions:

1. Visit https://vb-audio.com/
2. Download the latest version of your affected software
3. Uninstall the current version
4. Install the updated version
5. Restart your system

🔧 Temporary Workarounds

Disable vulnerable drivers

windows

Temporarily disable the affected virtual audio drivers to prevent exploitation

sc stop "VB-Audio Voicemeeter VAIO"
sc config "VB-Audio Voicemeeter VAIO" start= disabled
sc stop "VB-Audio Matrix VAIO"
sc config "VB-Audio Matrix VAIO" start= disabled

Remove driver permissions

windows

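Restrict access to the driver files to prevent unprivileged users from triggering the vulnerability. An ACL on the .sys image controls access to the file on disk, not to the device object the loaded driver exposes, so confirm the effect on a test system before relying on this workaround.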

icacls "C:\Windows\System32\drivers\vbvoicemeetervaio64*.sys" /deny Everyone:(R,X)
icacls "C:\Windows\System32\drivers\vbmatrixvaio64*.sys" /deny Everyone:(R,X)

🧯 If You Can't Patch

  • Uninstall the affected VB-Audio software completely
  • Implement strict user access controls to limit who can run applications on affected systems

🔍 How to Verify

Check if Vulnerable:

Check installed VB-Audio software versions against the affected version ranges. Also check for the presence of the vulnerable driver files in C:\Windows\System32\drivers\.

Check Version:

Check through installed programs in Control Panel or check software about/help menus for version information

Verify Fix Applied:

Verify that installed software versions are newer than the vulnerable versions listed, and check that driver files have been updated
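
An inventory of the driver files named in the Notes above, as an added example that is not part of the original page or of any vendor tooling. It lists each matching file's version and timestamp together with the driver service that loads it. It only reads state; the reported versions still have to be compared against the vendor's fixed releases by hand.

```powershell
# Added example: read-only inventory of the VB-Audio virtual audio drivers.
# File name patterns are taken from the Notes in "Affected Systems".
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$patterns  = @(
    'vbvoicemeetervaio64*.sys',
    'vbmatrixvaio64*.sys',
    'vbaudio_vmauxvaio*.sys',
    'vbaudio_vmvaio*.sys',
    'vbaudio_vmvaio3*.sys'
)

# Collect matches per pattern, then de-duplicate:
# vbaudio_vmvaio*.sys also matches the vbaudio_vmvaio3*.sys files.
$files = foreach ($p in $patterns) {
    Get-ChildItem -Path $driverDir -Filter $p -File -ErrorAction SilentlyContinue
}
$files = @($files | Sort-Object -Property FullName -Unique)

# Kernel driver services, used to map each file to the service that loads it.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName }

$report = foreach ($f in $files) {
    $svc = $drivers |
        Where-Object { $_.PathName -like "*\$($f.Name)" } |
        Select-Object -First 1

    [pscustomobject]@{
        File        = $f.Name
        FileVersion = $f.VersionInfo.FileVersion
        LastWrite   = $f.LastWriteTime
        Service     = $svc.Name        # empty if no service references the file
        State       = $svc.State       # Running / Stopped
        StartMode   = $svc.StartMode   # Manual / Auto / Disabled ...
    }
}

if ($files.Count -eq 0) {
    "No VB-Audio virtual audio driver files found in $driverDir"
} else {
    $report | Format-Table -AutoSize
}
```

The Service column shows the service name actually registered on the host, which is the name to pass to `sc` when applying the driver-disable workaround.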

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION
  • Bugcheck events (Event ID 1001) indicating kernel crashes
  • Application logs showing VB-Audio driver failures

Network Indicators:

  • No network indicators - this is a local vulnerability

SIEM Query:

EventID=1001 OR EventID=41 OR (EventID=1000 AND Source="Application Error" AND (Description LIKE "%vbvoicemeeter%" OR Description LIKE "%vbmatrix%"))
