Microsoft shipped an early remedy this week for a disk-wasting gremlin that has been stealthily chewing through storage on Windows 11 PCs. The June 23, 2026 preview cumulative update, labeled KB5095093, targets versions 24H2 and 25H2 and squashes a storage leak buried inside a system file most users will never see.

The Culprit: A Write-Ahead Log That Wouldn’t Quit

Nestled under C:\ProgramData\Microsoft\Windows\CapabilityAccessManager sits a file named capabilityaccessmanager.db-wal. In a healthy system, this write-ahead log file is a transient scratchpad for a SQLite database that tracks which apps have requested permission to use your microphone, camera, location, and other sensitive hardware. The database itself is tiny—usually a few megabytes. But the .db-wal companion, which records changes before they’re committed to the main database, was never properly trimmed. Result: a file that could silently balloon into tens of gigabytes, with no built-in ceiling.

The leak wasn’t fast. On most machines, it crept along at a few megabytes per day. But left unchecked for weeks or months, it turned into a disk hog. We’ve seen reports from Windows enthusiasts and IT admins who tripped over the file after low-disk warnings lit up—often blaming mysterious “system files” eating space in the Windows directory, only to track the real culprit to ProgramData. One forum user reported a 64 GB db-wal file on a 256 GB SSD. “I thought Windows had gone crazy,” they wrote. “Nothing showed up in Disk Cleanup or Storage Sense.”

KB5095093 addresses the core flaw. According to Microsoft’s advisory, the update changes how the CapabilityAccessManager service manages its write-ahead log: the file is now properly checkpointed and truncated after transactions complete. Once the update is installed, the file will no longer grow unbounded. Existing bloated logs won’t magically shrink, however; users must clean them up manually (more on that in a moment).

What This Means for You

If you’re an everyday Windows user, you may have already felt the pinch. Symptoms are vague: your PC reports
“low disk space,” but Storage Sense doesn’t identify a clear villain. You run Disk Cleanup, clear temporary files, and still see only marginal improvement. If you’ve dug into File Explorer and enabled hidden items, you might spot a suspiciously large file in the ProgramData folder, but that’s the exception. Most people just wonder why their drive is filling up.

For IT administrators, the bug is a quiet menace. In corporate environments with hundreds of Windows 11 endpoints, a few machines silently filling up can trigger support tickets for “unexplained disk usage” and even impair productivity if the system drive maxes out. Worse, the write activity to that .db-wal file never stops, so SSDs are subjected to nontrivial additional writes—hardly a crisis for modern drives, but an unwelcome addition to wear-and-tear.

Power users and developers might also take note: the fix is a showcase of how even small, overlooked components can cause outsized problems. The CapabilityAccessManager service, introduced alongside Windows 10, has always maintained a local permissions database. This is the first time it has sprung a leak this dramatic. If you develop apps that use Windows permissions and notice odd behavior—like permission dialogs lagging or database errors—this bug could have been a contributor.

How We Got Here

The leak appears to have slithered into Windows 11 alongside changes in how the CapabilityAccessManager service handles app permissions. While Microsoft hasn’t publicly dated the introduction, reports of mysteriously enlarged ProgramData folders began popping up in online forums in late 2025 and early 2026, shortly after the rollout of version 24H2. The issue wasn’t widespread enough to trigger an immediate public response, but community sleuths noticed the correlation: machines with a large capabilityaccessmanager.db-wal were always running recent builds of 24H2 or the newly introduced 25H2 (the 2026 feature update).

Microsoft confirmed the bug in internal channels and baked the fix into the June preview release—a non-security update that serves as a test bed for what will eventually land in the following month’s mandatory Patch Tuesday. This isn’t unusual: Microsoft often uses the “C” week (third or fourth Tuesday) preview updates to roll out fixes for non-exploitable bugs that don’t meet the bar for immediate security patches but are still disruptive.

What to Do Now

The fix is available, but it’s opt-in for now. Here’s how to proceed.

Step 1: Check If You’re Affected

Open File Explorer and navigate to C:\ProgramData\Microsoft\Windows\CapabilityAccessManager. (If you don’t see ProgramData, enable “Show hidden files, folders, and drives” in View options.) Look for capabilityaccessmanager.db-wal. If it’s larger than a few hundred megabytes, you’ve got the leak. Right-click the file and check its size in Properties.

Step 2: Decide on the Update

  • If you want the fix immediately: Open Windows Update, enable “Get the latest updates as soon as they’re available” (if it’s not already on), and check for updates. KB5095093 should appear. Download and install; a restart is required.
  • If you prefer to wait: The same fix will be bundled into July’s mandatory cumulative update, arriving on Patch Tuesday (July 14, 2026). Waiting is safer for mission-critical systems because preview updates occasionally introduce new issues, though this one has been quiet on the bug-report front so far.

Step 3: Reclaim Your Disk Space

Installing KB5095093 stops the leak but doesn’t delete the bloated log file. To recover space:

  1. Restart your PC after the update.
  2. Pause the CapabilityAccessManager service: Open Services.msc, find “Capability Access Manager Service,” right-click, and select Stop. (The service will restart automatically after a few minutes, but the pause is enough.)
  3. Navigate to the folder above and delete capabilityaccessmanager.db-wal. Don’t touch the .db file. If Windows complains the file is in use, restart in Safe Mode and try again, or use a tool like LockHunter.
  4. The log file will be recreated at a normal, tiny size as soon as the service resumes—now properly managed by the update.

For IT Pros: Deploy at Scale

If you manage endpoints, consider deploying KB5095093 via WSUS or Microsoft Endpoint Manager to a pilot group first. Monitor for any side effects (none reported as of this writing). Write a script to check for large capabilityaccessmanager.db-wal files across your fleet; a simple PowerShell one-liner like Get-ChildItem -Path "C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\capabilityaccessmanager.db-wal" -ErrorAction SilentlyContinue | Select-Object Length, FullName will surface any bloated instances. Automate cleanup if needed.

Outlook

KB5095093 will merge into the mandatory July patch, so all Windows 11 24H2 and 25H2 users will get this fix eventually. The episode is a reminder that Windows’ under-the-hood files can misbehave in ways that escape the notice of built-in cleanup tools. Storage Sense, Disk Cleanup, and even third-party utilities typically don’t scan ProgramData for oversized SQLite logs. Microsoft might consider adding such a scan in future versions, or at least capping write-ahead logs by default.

For now, if you’ve been chasing an inexplicable disk-space drain, this one tiny update could be the answer. It’s a fix that won’t change how you use your PC, but it might just give you back a chunk of storage you didn’t know you’d lost.