CVE-2026-23761 is a vulnerability classified under CWE-824 (Access of Uninitialized Pointer) affecting multiple VB-Audio Software products, including Voicemeeter (Standard, Banana, Potato) and Matrix (Matrix and Matrix Coconut). The issue resides in their virtual audio drivers (e.g., vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, and related drivers) where, upon opening a handle with a specially crafted file attribute, the driver improperly initializes the FILE_OBJECT->FsContext field to a non-pointer magic value rather than a valid pointer. When subsequent I/O operations are not processed by the VB-Audio driver itself but forwarded down the Windows audio driver stack (such as via PortCls to ks.sys), the invalid FsContext pointer is dereferenced. This leads to a kernel-mode access violation, causing a SYSTEM_SERVICE_EXCEPTION Blue Screen of Death (BSoD) with STATUS_ACCESS_VIOLATION. The vulnerability can be triggered by a local unprivileged user without requiring authentication or user interaction, making it a local denial-of-service vector. The CVSS v4.0 score is 6.9 (medium severity), reflecting the ease of exploitation and impact limited to availability. No remote exploitation or privilege escalation is possible. The flaw affects versions ending in 1.1.1.9, 2.1.1.9, 3.1.1.9, 1.0.2.2, and 2.0.2.2 or earlier. No patches or known exploits are currently reported, but the vulnerability poses a risk to stability on affected Windows systems running these audio drivers.

The primary impact of CVE-2026-23761 is a denial-of-service condition caused by a kernel crash (BSoD) on Windows systems running vulnerable VB-Audio virtual audio drivers. This can disrupt audio services, potentially affecting audio production, streaming, conferencing, or other multimedia workflows relying on Voicemeeter or Matrix products. Since the flaw can be triggered by any local unprivileged user, it poses a risk in multi-user environments such as shared workstations, corporate desktops, or public access machines. Although it does not allow privilege escalation or data compromise, repeated or targeted exploitation could lead to significant operational disruption, loss of productivity, and potential downtime. Organizations relying heavily on these audio tools for critical communication or media production may experience interruptions. The lack of remote exploitability limits the threat to local attackers or malware with local code execution capabilities. However, in environments where local access is possible, the vulnerability could be leveraged to degrade system availability.

1. Monitor VB-Audio Software advisories and apply official patches or driver updates as soon as they become available to address this vulnerability. 2. Until patches are released, restrict local user access on systems running affected VB-Audio products to trusted personnel only, minimizing the risk of local exploitation. 3. Implement application whitelisting and endpoint protection controls to prevent unauthorized execution of malicious code that could trigger the vulnerability. 4. Use Windows Group Policy or local security policies to limit the ability of unprivileged users to load or interact with audio drivers if feasible. 5. Regularly audit installed audio drivers and software versions to identify vulnerable instances. 6. Consider isolating critical audio production or streaming systems from general user environments to reduce exposure. 7. Employ system monitoring to detect frequent or unusual system crashes that may indicate exploitation attempts. 8. Educate users about the risks of running untrusted software or scripts locally that might exploit this flaw. These targeted mitigations go beyond generic advice by focusing on controlling local access, driver management, and monitoring specific to the nature of this vulnerability.