On June 23, 2026, Microsoft released optional preview update KB5095093, patching a storage bug in Windows 11 versions 24H2 and 25H2 that allowed a single system file to balloon out of control. The file, CapabilityAccessManager.db-wal, tucked away in the ProgramData folder, could silently consume gigabytes of storage without any warning, leaving users puzzled by vanishing free space.

The Bug: What KB5095093 Actually Fixes

KB5095093 targets a flaw in Windows’ Capability Access Manager service. That service governs how applications request and retain permissions for hardware like your microphone, camera, and location. Under the hood, it uses a SQLite database to log these permission states. The problem lies in the database’s write-ahead log file—CapabilityAccessManager.db-wal.

In a healthy system, this write-ahead log is periodically truncated and compacted into the main database. Due to a logic error, the Capability Access Manager failed to perform that cleanup cycle. Every time an app checked or changed a privacy permission, the log grew. Over weeks and months, it could swell to tens of gigabytes, squatting on the system drive with no built-in cleanup mechanism.

Microsoft acknowledged the issue in the update’s release notes, though no CVE number is assigned—it’s a reliability fix, not a security patch. The update also bundles other unspecified quality improvements common to C-release previews. Because it’s optional, you must manually seek it out via Windows Update unless you have the “Get the latest updates as soon as they’re available” toggle turned on.

Why Your Free Space Vanished

If you monitor your system drive and notice a steady, unexplained decline in free space—even after running Disk Cleanup or Storage Sense—this bug is a prime suspect. The .db-wal file sits at C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\. Many storage analysis tools overlook it because it’s in a hidden and protected folder.

For home users, the impact is straightforward: diminished capacity for documents, media, and cumulative updates. For IT administrators, the file could quietly fill up endpoint drives, triggering low disk space alerts and disrupting user workflows. On shared or thin-client devices, the bloat affects multiple profiles, amplifying the problem. Notably, the bug doesn’t cause system crashes or error pop-ups—it’s a silent disk consumer.

How to Reclaim Disk Space and Stop the Leak

Action for Home Users

  1. Check if you’re affected. Open File Explorer and paste C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\ into the address bar. If you see CapabilityAccessManager.db-wal and it’s large (say, over 100 MB), you’ve got bloat. Right-click and check Properties for exact size.
  2. Install KB5095093. Go to Settings > Windows Update, click “Check for updates.” If the optional update doesn’t appear, ensure “Get the latest updates as soon as they’re available” is on under Advanced options, then check again. Once installed, restart your PC.
  3. Delete the bloated file. After the update, the service will properly manage the log. However, the existing bloated file won’t shrink automatically. You can safely delete CapabilityAccessManager.db-wal — but stop the service first to avoid errors. Open Services.msc, find “Capability Access Manager Service,” stop it, delete the file, then start the service. Or, do it from Safe Mode. The service will recreate an empty log on next run.

Caution: Do not delete the main .db file; that one stores your permission settings. Only target the .db-wal file.

For IT Administrators

  • Detection script (PowerShell):
    powershell $path = "$env:ProgramData\Microsoft\Windows\CapabilityAccessManager\CapabilityAccessManager.db-wal" if (Test-Path $path) { $size = (Get-Item $path).Length / 1MB Write-Host "WAL file size: $([math]::Round($size, 2)) MB" } else { Write-Host "File not found." }
  • Remediation: Deploy KB5095093 via WSUS, Microsoft Endpoint Manager, or Windows Update for Business. If immediate deployment isn’t possible, you can clear the file centrally using a startup script or a scheduled task that stops the service, removes the file, and restarts the service—but the update is the only permanent fix.
  • The fix will be absorbed into the next mandatory cumulative update (likely July 14, 2026 Patch Tuesday). If your organization defers preview updates, you can wait for that.

The Road Ahead

Microsoft hasn’t disclosed how the bug was introduced, but the Capability Access Manager has been part of Windows since the 10 era. It’s possible that recent privacy dashboard enhancements in 24H2 inadvertently broke the log truncation logic. The fix arriving as a late-June preview means it’s been tested lightly; the full cumulative update in July will broaden its rollout.

For now, the lesson is clear: keep an eye on ProgramData when troubleshooting disk space mysteries. This isn’t the first time a Windows component has leaked storage through a log file, and it won’t be the last. The real win is that Microsoft acknowledged and addressed the issue without requiring a full OS rebuild.

If you’re on Windows 11 22H2 or 23H2, this specific bug may not apply—the advisory only named 24H2 and 25H2. But staying current on updates remains the best defense against silent storage thieves.