Microsoft shipped a rare out-of-band preview update on June 23, 2026, that squashes a storage-eating bug in Windows 11 versions 24H2 and 25H2. The culprit: a write-ahead log file named CapabilityAccessManager.db-wal, which some users reported had silently ballooned to over 500 gigabytes—enough to fill a mid-sized SSD. The update, KB5095093, stops the file from growing out of control and lets affected systems reclaim the lost space.
The fix: what the update actually changes
KB5095093 is a preview update, meaning it lands ahead of July’s Patch Tuesday and is optional for users who manually check for updates. It targets a single, specific component: the Capability Access Manager service. This service governs how Windows apps request and use sensitive device capabilities—your camera, microphone, location, contacts, and more. Behind the scenes, it maintains a database journal that logs pending transactions. That journal file, CapabilityAccessManager.db-wal, sits deep inside the hidden ProgramData folder tree. Normally, it’s tiny. On a fresh Windows 11 install, you’ll find it at just a few kilobytes. The bug caused a runaway growth loop, likely triggered by repeated failed write operations that the journal kept trying to replay. Over weeks or months of uptime, the file could suck up every free gigabyte on the system drive.
Microsoft hasn’t pinned down the exact trigger in its advisory, but user reports paint a consistent picture. The issue didn’t discriminate between desktops and laptops, or between AMD and Intel hardware. It appeared sporadically, often going unnoticed until Windows started throwing “low disk space” warnings or apps refused to install. Some victims discovered a 400 GB file while troubleshooting why their 1 TB NVMe drive had only 50 GB free despite light usage. The update enforces a hard cap on the file’s size and resets the journal on reboot, silently cleaning up the bloat. If you’re already infected, installing KB5095093 and restarting will automatically truncate the file.
What it means for you—and why even 50 GB hurts
For everyday Windows 11 users, the immediate symptom was a mysterious, creeping loss of drive space. Storage Sense, Disk Cleanup, and even third-party tools like TreeSize wouldn’t immediately finger this file because it hides under a heavily protected folder structure. You’d have to manually navigate to C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\ with hidden items enabled and look for the .db-wal file—something no reasonable person would do without a tip-off.
If you’re a power user or IT pro managing fleets, the bug posed a business risk. A single machine could chew through its local storage, causing failed updates, crashed applications, and help-desk tickets that waste hours tracing phantom disk usage. On shared devices with smaller 256 GB SSDs, the file could fill the drive in a few weeks, forcing a reimage. The financial impact on a help desk isn’t trivial: one half-hour call multiplied by a hundred machines equals real money. Windows admins will want to push this preview update to any critical workstation, or at least add a monitoring rule for that file’s size.
Developers who run local services that interact with device permissions—say, a test app that repeatedly requests camera access—were particularly vulnerable. A build loop could accelerate the journal’s growth. The WAL file is a standard SQLite journal; apps that hammer the Capability Access Manager API could theoretically inflate it faster. One developer on Reddit reported seeing the file jump by 2 GB per hour during an automated test cycle.
How we got here: a timeline of the bug
KB5095093 didn’t appear out of nowhere. Reports of unexplained disk usage cropped up in Microsoft’s Feedback Hub as early as April 2026, with users noting that System Volume Information or C:\ProgramData was bloated. By May, a German IT blog, Deskmodder, connected the dots to the CapabilityAccessManager.db-wal file and showed that deleting it—after stopping the service—returned the space. That post quickly hit Reddit and Hacker News, and within days, Windows enthusiasts confirmed the fix.
Microsoft initially stayed quiet, but by mid-June, the company acknowledged the issue on its Windows release health dashboard and promised a fix “in an upcoming preview release.” That fix landed June 23. It’s worth noting that this isn’t the first time a write-ahead log has run amok on Windows. In 2018, the Windows Search indexer’s WAL file ballooned to tens of gigabytes after a faulty update. The 2023 printer spooler bug also filled drives with ghost print jobs. The pattern suggests that background services with database backends need stricter guardrails, which KB5095093 finally introduces.
What to do now: install, verify, and clean up
If you’re running Windows 11 24H2 (build 26100) or 25H2 (build 26200 and above), here’s your playbook:
-
Check if you’re affected. Open File Explorer, click View > Show > Hidden items, then navigate to
C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\. Look for a file namedCapabilityAccessManager.db-wal. If it’s larger than 1 MB, you’ve been hit. (A normal size is under 100 KB.) -
Install the update. Go to Settings > Windows Update, and click “Check for updates.” If KB5095093 appears under optional updates, install it. You’ll need a restart. The update is cumulative; you don’t need any previous preview patch.
-
Verify the fix. After reboot, revisit the folder. The
db-walfile should be gone or shrunk to a few kilobytes. Windows won’t automatically purge the file until you restart, even if you stop the service manually—the journal is locked during runtime. -
Manual cleanup (if you can’t update right now). If you desperately need space before updating, you can stop the Capability Access Manager service, delete the WAL file, then restart the service. Open PowerShell as admin and run:
Stop-Service -Name camsvc -Force; then delete the file; thenStart-Service camsvc. This yields instant space recovery, but it’s a temporary bandage. Without the update, the file will grow again. -
For IT admins. Push KB5095093 through your patch management tool ahead of the July Patch Tuesday cycle. It’s a small, low-risk update—it doesn’t touch core OS files beyond the service binary. If you use Microsoft Intune, the update is already available in the “Optional updates” category. Write a configuration item that monitors the size of that specific file and alerts when it exceeds 10 MB. You can also use Group Policy to limit the Capability Access Manager service to manual start, but that may break app permissions; skip that unless you’re in a locked-down kiosk environment.
-
What about other Windows versions? The bug only affects 24H2 and 25H2. Windows 11 23H2 and older versions use a different capability access manager architecture and are safe. Windows Server 2025, which shares the same core, does not appear affected because it doesn’t run interactive permission prompts the same way.
Outlook: fewer storage surprises ahead
With KB5095093, the file-size guardrail is permanent. Future Windows updates won’t regress this fix because the service binary now includes a hardcoded maximum log size. Still, the incident underscores a broader lesson: Windows’ hidden maintenance files can become landmines when error handling fails. Microsoft’s Feedback Hub rapidly filled with storage complaints in 2026, and the company’s response—from acknowledgment to fix in about six weeks—was faster than historical norms, likely because the bug bubbled up in the enterprise-focused 25H2 preview channels.
For users, a prophylactic “Storage check” every few months now includes a glance at C:\ProgramData\Microsoft\Windows. For IT pros, it’s another argument for deploying preview updates to a test ring—KB5095093 could have saved a lot of tickets if caught earlier. And for Microsoft, it’s a reminder that the SQLite journals under every modern Windows service need the same watchful eye as the NTFS metadata they write to.