CVE-2026-23762 – This vulnerability allows local unprivileged us... (How to Fix)

Q: What is the severity of CVE-2026-23762?

CVE-2026-23762 has a CVSS score of N/A (Unknown). This vulnerability allows local unprivileged users to trigger a kernel crash (Blue Screen of Death) on Windows systems by exploiting improper exception handling in VB-Audio virtual audio drivers. The flaw occurs when memory mapping fails due to exhausted virtual address space, causing a denial-of-service condition. Affected users include anyone running vulnerable versions of VB-Audio's Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, Matrix, or Matrix Coconut software.

📋 TL;DR

This vulnerability allows local unprivileged users to trigger a kernel crash (Blue Screen of Death) on Windows systems by exploiting improper exception handling in VB-Audio virtual audio drivers. The flaw occurs when memory mapping fails due to exhausted virtual address space, causing a denial-of-service condition. Affected users include anyone running vulnerable versions of VB-Audio's Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, Matrix, or Matrix Coconut software.

💻 Affected Systems

Products:

VB-Audio Voicemeeter
VB-Audio Voicemeeter Banana
VB-Audio Voicemeeter Potato
VB-Audio Matrix
VB-Audio Matrix Coconut

Versions: Voicemeeter: versions ending in 1.1.1.9 and earlier; Voicemeeter Banana: versions ending in 2.1.1.9 and earlier; Voicemeeter Potato: versions ending in 3.1.1.9 and earlier; Matrix: versions ending in 1.0.2.2 and earlier; Matrix Coconut: versions ending in 2.0.2.2 and earlier

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with the vulnerable virtual audio drivers installed. The drivers are: vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring hard reboot, potential data loss from unsaved work, and disruption of audio-dependent services.

🟠

Likely Case

Local denial-of-service attack causing system instability and temporary unavailability until reboot.

🟢

If Mitigated

Minimal impact if drivers are updated or workarounds implemented; isolated to local system only.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring user or process execution on the target system.

🏢 Internal Only: MEDIUM - While requiring local access, unprivileged users can crash systems, potentially disrupting operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access but no special privileges. Public proof-of-concept code is available in security research repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor website for latest versions beyond the vulnerable version numbers listed

Vendor Advisory: https://forum.vb-audio.com/viewtopic.php?p=7527#p7527

Restart Required: Yes

Instructions:

1. Visit https://vb-audio.com/
2. Download latest version of affected software
3. Uninstall current version
4. Install updated version
5. Restart system

🔧 Temporary Workarounds

Disable vulnerable drivers

windows

Temporarily disable the affected virtual audio drivers to prevent exploitation

sc stop "VB-Audio Virtual Cable"
sc config "VB-Audio Virtual Cable" start= disabled

Remove driver files

windows

Manually delete vulnerable driver files from system

del C:\Windows\System32\drivers\vbvoicemeetervaio64*.sys
del C:\Windows\System32\drivers\vbmatrixvaio64*.sys
del C:\Windows\System32\drivers\vbaudio_vmauxvaio*.sys
del C:\Windows\System32\drivers\vbaudio_vmvaio*.sys
del C:\Windows\System32\drivers\vbaudio_vmvaio3*.sys

🧯 If You Can't Patch

Restrict local user access to systems with vulnerable drivers installed
Implement application control policies to prevent execution of exploit code

🔍 How to Verify

Check if Vulnerable:

Check installed VB-Audio software versions against affected version ranges, or verify presence of vulnerable driver files in C:\Windows\System32\drivers\

Check Version:

Check program version in Windows Add/Remove Programs or via vendor's about dialog

Verify Fix Applied:

Confirm installed version is newer than vulnerable versions listed, or verify vulnerable driver files are no longer present

📡 Detection & Monitoring

Log Indicators:

Windows Event Logs showing SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY
Blue screen crash dumps referencing vb-audio drivers

Network Indicators:

No network indicators - this is a local-only vulnerability

SIEM Query:

EventID=1001 AND Source="BugCheck" AND Description LIKE "%vbvoicemeeter%" OR Description LIKE "%vbmatrix%" OR Description LIKE "%vbaudio_vm%"

📊 Metadata

CVE ID: CVE-2026-23762

CVSS v3 Score: N/A (Unknown)

CWE: CWE-755

EPSS Score: 0.01% exploit probability (0.3th percentile)

Published: January 22, 2026

Last Updated: January 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-23762, you might also want to check these: