Connect with us

NEWS

Windows 11 Storage Bug Fills Drives With 500GB Permission Log

Microsoft’s KB5095093 patches a Windows 11 storage bug where the CapabilityAccessManager.db-wal permission log ballooned to 500GB on some PCs. How to verify.

Published

on

Microsoft has confirmed a Windows 11 storage bug in which a single permission-log file, CapabilityAccessManager.db-wal, ballooned to hundreds of gigabytes on some PCs, with the highest verified instance reaching about 513GB. An optional Windows 11 update, KB5095093, fixes the runaway file’s compaction behavior, and the same patch is scheduled to reach every supported system in the July 14, 2026 Patch Tuesday release.

The bug does not compromise the permission system it logs for. It quietly turns a background database write-ahead file into the largest single item on a system drive, on systems where the WAL never compacts back into the parent database. Users with smaller SSDs are the first to feel the wall, with several day-to-day Windows behaviors breaking in predictable ways before any error message names the file.

What the CapabilityAccessManager.db-wal File Is Supposed to Be

The CapabilityAccessManager.db-wal file lives at C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\, inside a Windows 11 subsystem called Capability Access Manager. That subsystem governs app access to privacy-sensitive features such as the camera, microphone, location, contacts, and screen capture. Its job is to record each request so permission decisions can be logged and enforced.

The .db-wal suffix marks the file as a write-ahead log, a SQLite database pattern used to stage transactions before they are folded into the main database. A WAL file can grow in normal use but is meant to be merged back into the parent database on a regular cycle. An outside look at the WAL as a temporary write-ahead file frames it the same way: a temporary staging area rather than the database proper.

On healthy systems, the CapabilityAccessManager folder takes up a few megabytes, and the WAL file inside it measures about 1.6MB. Affected systems have ballooned that same file into the hundreds of gigabytes. A report tracing the bloat to the WAL file lays out an everyday ceiling against the runaway state users have seen. The KB5095093 release note itself references the file by name in a single sentence, without naming a build range or a threshold size. The same release log carries dozens of other Windows 11 changes for the cumulative; the WAL entry is one line among many.

From Megabytes to Hundreds of Gigabytes

Reports from users over the past year put the offending file at every size between tens of gigabytes and beyond. A Feedback Hub post flagged a system with the file at around 200GB. On a Reddit thread, one user said TreeSize showed the file at about 513GB, against roughly 29GB combined for pagefile.sys and hiberfil.sys. Other commenters in the same thread reported 70GB, 110GB, and 200GB sizes on their own machines.

Microsoft’s release note for KB5095093 references the WAL by name only. So far Microsoft has not published a postmortem, a list of affected applications, or a profile of the systems most likely to hit the runaway state. The available working theory, from the Windows Latest investigation, is that the WAL is not being merged back into the main database correctly, so each new permission event lands in the log instead.

  • Healthy file size: about 1.6MB
  • Reported bloat in many cases: 70GB to 200GB
  • Highest verified: about 513GB, TreeSize check
  • Affects Windows 11 versions 24H2 and 25H2

How Microsoft Documented the Fix Without Naming the Damage

Microsoft’s documentation of the bug landed in three steps. The KB5095093 cumulative shipped on June 23, 2026, without the WAL entry in its change log. Six days later, on June 29, 2026, Microsoft quietly appended the line to the official release notes.

Microsoft’s exact wording in that June 29 entry is one sentence long. The KB5095093 release notes themselves carry no affected-builds range, no size threshold, and no remediation note for users already over capacity. There is no entry for the bug on the Windows known issues dashboard as of writing. The tech press named the cause before Microsoft acknowledged it in any user-facing way.

[Storage] This update improves disk space usage for the CapabilityAccessManager.db-wal file.

The same change is set to roll out automatically on the July 14, 2026 Patch Tuesday, per Windows Latest. After installing the update, a restart is typically required for the WAL compaction behavior to take effect. Microsoft’s own change log page carries no second [Storage]-tagged line in this cumulative other than the WAL entry.

Where the Storage Leak Lands First

A WAL file at 100GB on a 2TB desktop SSD is a minor nuisance during housekeeping. On a 512GB or 1TB laptop carrying OneDrive sync, Teams caches, Outlook data, and update overhead, that same scale of bloat can become a real-world outage. gHacks notes that systems running on SSDs closer to 512GB or 1TB are the most exposed.

Beyond storage pressure, several day-to-day Windows behaviors break in predictable ways when the drive gets tight.

  • App installs and updates can fail to write to the drive
  • Windows Update itself can stall for lack of space
  • Temporary-file cleanup fires repeatedly to free what it can
  • Backup or restore operations stop, even with shadow copies available

What the storage monitor in Windows shows during an outage is its own aggravator. The Settings app lists the offender only as “System files” under “System and reserved,” with no drill-down to the actual file responsible. Disk Cleanup hits known categories but does not surface the WAL. First user write-ups going back roughly a year predate the current fix. The KB5095093 cumulative is the first formal Microsoft response to those reports. Community workarounds, including renaming the WAL file in Safe Mode, have been in user forums since the early reports arrived.

The change Microsoft ships is described in the release note as a compaction improvement. Windows 11 26H1 Insider builds are not named in the same release note, where Microsoft typically lists in-flight variants of the same bug. The release notes do not describe whether existing bloated WAL files are reduced automatically after install.

Checking Whether Your PC Is Bleeding Storage

The simplest way to see whether the WAL file is ballooning is from inside Storage Settings. Open Settings, then System, then Storage, then choose “Show more categories” at the bottom of the page. Tap “System files” under “System and reserved.” If the number shown for system files is in the hundreds of gigabytes with no obvious user-data cause, the WAL file is the most likely explanation. None of these screens name the offending file; a user has to make the link themselves or run a separate scanner. A separate KB5089549 install failure from earlier this year fixes a separate EFI partition install issue that also surfaced through user reports.

A direct, read-only verification uses Robocopy, a built-in Windows copy utility, to list the file size without changing permissions. Open an elevated Command Prompt, then run:

robocopy "C:\ProgramData\Microsoft\Windows\CapabilityAccessManager" "%TEMP%\CAMCheck" /L /B /R:0 /W:0 /BYTES /NP

The /L flag is list-only, /B is backup mode that lets Robocopy read protected system files without changing ownership, and R:0 / W:0 stop the tool from retrying through access blocks. The command does not copy or delete anything; the %TEMP%\CAMCheck destination is a dummy path. On a normal system, the listing shows CapabilityAccessManager.db-wal at a few megabytes. A machine running the bug shows the same file at several gigabytes, growing on every re-run, per Windows Latest.

Installing the Fix and What Stays Unresolved

For anyone with free drive space to spare, the optional KB5095093 update is the path of least resistance. Users can install it manually through Settings, then Windows Update, then Advanced options, then Optional updates, where KB5095093 appears with OS builds 26200.8737 (25H2) and 26100.8737 (24H2). The same change will reach everyone in the scheduled July 14, 2026 Patch Tuesday release.

If the drive is already so full that Windows Update will not run, gHacks describes the workaround as renaming the oversized CapabilityAccessManager.db-wal file from Windows Recovery Environment or Safe Mode, letting Windows rebuild a fresh WAL on the next boot. The same source warns against deleting system files from a live installation, and notes that typical storage cleanup tools do not surface this file. Microsoft has not requested user-supplied diagnostic data publicly; users who want a paper trail can save the file’s current size before installing the update or report the affected build and apps through Feedback Hub. Microsoft has not indicated whether Windows 11 26H1 Insider builds are affected, so Insider channel users should watch for similar fixes in the next flight releases. The KB5095093 release notes do not describe whether a reboot is strictly required.

Frequently Asked Questions

Is this a security issue?

No. The bug changes only how much disk space the WAL file occupies, not the way Windows enforces app permissions. WAL compaction does not interact with the permission decision path itself. Capability Access Manager continues to gate microphone, camera, location, contacts, and screen capture access in the same way it always has. The risk on a hit machine is to free drive space, not to the privacy controls themselves.

My drive is already full. How do I install the fix?

Boot into Windows Recovery Environment or Safe Mode and rename, not delete, the oversized CapabilityAccessManager.db-wal file at C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\. On the next normal boot, Windows will generate a fresh WAL and free the previous file’s space; once the drive has room, install KB5095093 through Windows Update’s Optional updates section.

Which versions of Windows 11 are affected?

The Microsoft fix in KB5095093 targets Windows 11 versions 24H2 and 25H2, with OS builds 26200.8737 (25H2) and 26100.8737 (24H2). The fix is the same on both supported editions and ships through the same optional-update channel. Microsoft has not confirmed the bug for Windows 11 26H1 Insider builds, and users on Insider flight rings should watch for similar WAL fixes in upcoming previews.

Did Microsoft publish a postmortem on why the WAL ran away?

Microsoft has not published a full post-mortem on the bug. The June 29, 2026 update to the KB5095093 release note stands as the only formal acknowledgement on Microsoft’s own channels; the bug does not appear on the Windows known issues dashboard as of writing. Independent reporting frames the WAL as not being merged back into the parent SQLite database correctly. Microsoft has not named which apps or services contribute the most logging, nor what threshold of system usage tends to trip the bug.

How long has this bug been in the wild?

User write-ups for runaway CapabilityAccessManager.db-wal sizes go back to roughly mid-2025, per PCWorld. The KB5095093 cumulative is the first formal Microsoft response to those reports, with the relevant release note appended on June 29, 2026. Community workarounds, including renaming the WAL file in Safe Mode, circulated during that span.

As the founder of Thunder Tiger Europe Media, Dr. Elias Thornwood brings over 25 years of experience in international journalism, having reported from conflict zones in the Middle East, Asia, and Africa for outlets like BBC World and Reuters. With a PhD in International Relations from Oxford University, his expertise lies in geopolitical analysis and global diplomacy. Elias has authored two bestselling books on European foreign policy and received the Pulitzer Prize for International Reporting in 2015, establishing his authoritativeness in the field. Committed to trustworthiness, he enforces rigorous fact-checking protocols at Thunder Tiger, ensuring unbiased, evidence-based coverage of worldwide news to empower informed global audiences.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending