{
  "title": "Windows cldflt.sys Zero-Day: MiniPlasma Kernel LPE",
  "summary": "An unpatched local privilege escalation (LPE) zero-day named 'MiniPlasma' has been identified affecting the Windows Cloud Files Mini Filter Driver (cldflt.sys), enabling pre-authenticated local users to obtain root/SYSTEM-level execution; this article provides registry audits and event log hunting scripts.",
  "date": "2026-05-26",
  "severity": "high",
  "tags": [
    "microsoft",
    "windows",
    "zero-day",
    "privilege-escalation",
    "kernel-exploit"
  ],
  "sources_count": 2,
  "indicators": {
    "slug": "windows-miniplasma-lpe-zero-day",
    "since": "2026-05-26T00:00:00Z",
    "until": "2026-05-26T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [
      "CWE-269",
      "CWE-119",
      "CWE-787"
    ],
    "advisoryIds": [],
    "products": [
      "Windows Cloud Files Mini Filter Driver (cldflt.sys)",
      "Windows 10",
      "Windows 11",
      "Windows Server 2019",
      "Windows Server 2022"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "CldFlt",
      "cldflt.sys",
      "miniplasma",
      "Chaotic Eclipse"
    ]
  }
}