Microsoft has shipped a fix for a disk-gobbling bug in Windows 11 that quietly let a single log file swell to tens of gigabytes, silently suffocating storage on affected PCs. The update, KB5095093, stops the CapabilityAccessManager’s write-ahead log from bloating out of control on versions 24H2 and 25H2.
The bug that turned a housekeeping file into a disk hog
Buried inside every Windows 11 installation is a small SQLite database that tracks which apps you’ve allowed to use your microphone, camera, and other privacy-sensitive hardware. That database—CapabilityAccessManager.db—keeps a rolling transaction journal called CapabilityAccessManager.db-wal. Normally, this write-ahead log file is a temporary scratchpad that stays modest in size, typically a few kilobytes, and gets cleaned up automatically.
On Windows 11 24H2 and 25H2, something went wrong with that cleanup process. The .db-wal file began accumulating data without bounds, sometimes ballooning to 20 GB, 50 GB, or even larger. Users started noticing their C: drives filling up for no apparent reason, and disk space analyzers like TreeSize or WizTree pointed squarely at a single file tucked away in C:\ProgramData\Microsoft\Windows\CapabilityAccessManager.
The symptom was particularly insidious because it didn’t trigger performance warnings or crash apps. The machine ran fine—until it didn’t, because the disk was full. For anyone on a 128 GB or 256 GB SSD, the leak could eat a quarter of the drive in weeks.
Microsoft acknowledged the flaw in late June 2026, confirming that the service responsible for maintaining the database wasn’t properly truncating the write-ahead log. The root cause likely sat in the background task that should periodically checkpoint the log into the main database file and then reset it. Instead, the log grew endlessly, recording every privacy consent change and carrying old data that should have been discarded.
Who felt the pinch—and who didn’t notice
The impact split cleanly along hardware lines. Home users with entry‑level laptops and 2‑in‑1s—devices often sold with small, non‑expandable eMMC or UFS storage—were hit hardest. Once free space dropped below a few gigabytes, the whole machine slowed down, Windows Update couldn’t download patches, and temporary files caused constant low-disk-space toasts.
Power users and IT administrators typically run on larger drives, so many didn’t feel the squeeze until they ran audit scripts or monitored endpoints with software like Microsoft Endpoint Manager. Even then, the .db-wal file wasn’t harvested by Disk Cleanup or Storage Sense, because those tools look in well‑known temp folders, not in a system database directory. That left manual discovery as the only way to spot the bloat.
A small subset of users never saw the issue at all. If an app was actively writing to the log when the file should have been checkpointed, the routine might have succeeded purely by chance. But for millions of affected machines, the bug was a slow, silent drip.
Tracing the timeline: from forum whispers to KB5095093
The first scattered reports appeared in early 2026 on Reddit and WindowsForum.com, with users posting screenshots of a mysteriously huge CapabilityAccessManager.db-wal file. For months, the official advice was to delete the file manually—a risky workaround that sometimes corrupted the privacy database and forced a reset of all app permissions.
Behind the scenes, Microsoft’s engineering team reproduced the leak in lab environments running 24H2 and 25H2 builds. The acknowledgment in late June came through a stealthy update to a known‑issues dashboard, not a loud public announcement. By mid‑July, KB5095093 rolled out as an optional cumulative update, with a one‑line release note: “Fix: Addresses an issue that causes the CapabilityAccessManager.db-wal file to grow unusually large.”
The patch does two things. It adds a size threshold that triggers an automatic checkpoint when the .db-wal file exceeds 100 MB, and it fixes the underlying logic that ignored those checkpoints previously. After installing the update, the next time the CapabilityAccessManager service starts—usually at login—the oversized log is compacted into the main database and trimmed to near zero.
What you should do right now
If your PC is running Windows 11 24H2 or 25H2, the single best move is to install KB5095093. Head to Settings → Windows Update, click Check for updates, and look for the update either under optional updates or in the latest cumulative package. A reboot is required.
After installation, you can verify the fix took hold:
1. Open File Explorer and paste %ProgramData%\Microsoft\Windows\CapabilityAccessManager into the address bar.
2. Check the size of CapabilityAccessManager.db-wal. On a patched system, it should hover around a few kilobytes.
3. If the file still appears oversized, sign out and sign back in—the cleanup runs during the service startup.
For administrators managing fleets, the update is available through Windows Server Update Services (WSUS) and Microsoft Intune. The KB article number is KB5095093; you can push it to all 24H2/25H2 endpoints without extra configuration. No Group Policy or registry tweaks are needed.
If you can’t install the update immediately, the safest short‑term workaround is to stop the CapabilityAccessManager service, delete the .db-wal file, and restart the service. Here’s the sequence:
- Open an elevated Command Prompt.
- Run net stop CapabilityAccessManager.
- Delete the file: del /f C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\CapabilityAccessManager.db-wal.
- Run net start CapabilityAccessManager.
Beware: this wipes your app‑permission history, so every application will ask for camera or microphone access again. Also, some users have reported that the main database file becomes temporarily inaccessible after the manual delete, requiring a reboot. Microsoft’s official stance is to rely on the update, not the workaround.
Affected Windows versions
| Version | Build range affected | Fix status |
|---|---|---|
| Windows 11 24H2 | All builds before KB5095093 | Fixed in KB5095093 |
| Windows 11 25H2 | All builds before KB5095093 | Fixed in KB5095093 |
| Windows 11 23H2 and earlier | Not affected | N/A |
A familiar pattern, but a quick resolution
The CapabilityAccessManager bloat joins a long line of Windows disk‑leak bugs—from the infamous WinSxS backup bloat to the more recent cryptnet cache flooding. What sets this episode apart is the speed with which Microsoft rolled out a targeted fix after officially acknowledging the problem. The gap between the late‑June admission and the KB release was just a few weeks, suggesting the engineering work was already far along.
As Windows continues to lean on SQLite databases for local system data (the search index, activity history, and now privacy consent logs), file‑management hygiene becomes critical. A bug in a journaling routine that would be a minor nuisance in a user‑installed app becomes a system‑wide crisis when it’s embedded in a core component like CapabilityAccessManager.
What to watch next
The KB5095093 update will eventually be bundled into future Patch Tuesday rollups, so if you skip it now, you’ll still get the fix eventually. More importantly, Microsoft’s telemetry will now flag machines where the .db-wal file exceeds the new threshold, giving IT admins better visibility into any lingering bloat. For anyone who already ran dangerously low on space, this patch closes a quiet chapter—but it’s a reminder to check %ProgramData% once in a while for hidden disk drains.