· 18 wire drops in the last hour
DTWdailytechwire
Tech Intelligence, Wired Daily
Subscribe
Dev

Windows 11 Patch Tackles Runaway Permissions File Eating Hundreds of Gigabytes

Microsoft's June update addresses a storage leak in CapabilityAccessManager that ballooned to 500GB on some machines, exposing gaps in OS telemetry and disk management.

DR
Daniel R. Whitfield
Staff Writer · Singapore
Jul 8, 2026
4 min read
Windows 11 Patch Tackles Runaway Permissions File Eating Hundreds of Gigabytes
Windows 11 Patch Tackles Runaway Permissions File Eating Hundreds of GigabytesCredit: Photo: Alex Castro / The Verge

A Hidden File Spiraling Out of Control

For months, Windows 11 users watched their free storage vanish without explanation. Disk cleanup tools offered no relief. Cloud backups weren't to blame. The culprit turned out to be a single file buried in system directories: CapabilityAccessManager.db-wal, a write-ahead log tied to app permission tracking that ships with every Windows 11 installation.

Microsoft released a fix in June 2026 through optional update KB5095093, targeting what the company describes as improved disk space management for the permissions file. The patch arrives after user reports documented the file ballooning from a few megabytes to triple-digit gigabyte sizes, in some cases claiming half a terabyte of storage on devices with already constrained SSDs.

The Scale of the Problem

User forums and support threads reveal the breadth of the issue. One device owner reported the file reaching 500GB before discovery. Others logged sizes between 12GB and 50GB, enough to trigger low-storage warnings on budget laptops and tablets running Windows 11 Home. The write-ahead log format, designed to ensure database integrity during permission checks, apparently lacked proper truncation or rollover logic in certain update branches.

At DailyTechWire, we've tracked similar file-growth bugs across operating systems, but the CapabilityAccessManager case stands out for its default presence and the delay between first user complaints and a shipping patch. The file manages which apps can access camera, microphone, location, and other sensitive hardware, a role that became more prominent after Windows 10 introduced granular permission controls. Under normal operation, the log should remain under 100MB even on heavily used systems.

Why a Permissions Database Bloats

Write-ahead logs are a common database strategy: changes are written to a sequential log file before being committed to the main database, ensuring recovery if a crash occurs mid-transaction. Windows uses SQLite for CapabilityAccessManager, and the .db-wal suffix indicates the log component of that database.

The leak likely stems from incomplete checkpoint operations, where logged transactions are supposed to be merged back into the primary database file and the log truncated. If checkpoint triggers fail due to locked files, permission conflicts, or timing bugs in the Windows Storage Service, the log grows indefinitely. Every app launch, permission query, and background task appends new entries without clearing old ones.

This behavior mirrors issues seen in other SQLite deployments, notably in browser cache databases and sync engines. The difference here is scope: CapabilityAccessManager runs at the OS level, touching every sandboxed app on the system. A single misconfigured trigger can compound across thousands of permission checks per day.

The Patch and What It Changes

KB5095093 is marked optional, meaning it reaches users through Windows Update's "Check for updates" flow but doesn't install automatically unless a device is configured for all available updates. Microsoft's release notes specify "improves disk space usage" without detailing the underlying code change, a common practice for patches that touch security-adjacent components like permission management.

The fix likely introduces more aggressive checkpoint scheduling, caps the maximum log size, or corrects the lock-release sequence that prevented earlier cleanup. Users who install the update should see the file shrink to typical sizes within a few restart cycles as the backlog is processed. For those already affected, manual deletion of the .db-wal file is possible but risks losing in-flight permission state, potentially requiring a re-grant of app permissions after reboot.

Implications for Windows Storage Management

The episode underscores a persistent challenge in modern OS design: balancing robustness with resource discipline. Windows 11's telemetry collects vast amounts of performance and error data, yet this particular file growth went undetected at scale until users flagged it externally. That gap suggests either insufficient monitoring of system-folder disk usage or a lack of automated alerts when individual files exceed reasonable thresholds.

For IT administrators managing enterprise fleets, the bug poses a subtler risk. Devices with 128GB or 256GB drives, common in education and frontline-worker deployments, can be pushed into low-storage states that degrade performance and block future updates. If the CapabilityAccessManager log consumes 50GB, a single feature update may fail to stage, leaving machines on older builds and missing subsequent security patches.

Broader Context in OS Reliability

Windows 11 has shipped roughly two dozen cumulative and optional updates since its October 2021 launch, each addressing a mix of security vulnerabilities, driver compatibility, and usability bugs. File-growth issues have appeared sporadically, including a 2023 incident involving Windows Search indexer logs and a 2024 bug in the Windows Update cleanup component.

What distinguishes the CapabilityAccessManager case is its tie to privacy infrastructure. As regulators in the EU, India, and other jurisdictions impose stricter app-permission transparency requirements, the reliability of the underlying OS permission layer becomes a compliance concern. A file that silently devours storage also raises questions about what other permission-system behaviors might be opaque to users and administrators.

Lessons for Storage Hygiene

The fix is welcome, but the incident offers a reminder for both developers and users. On the development side, any component that writes logs or caches in unbounded fashion should include fail-safes: maximum file size, automatic rotation, and health checks that surface anomalies before they consume gigabytes. On the user side, periodic audits of system-folder sizes using tools like WinDirStat or the built-in Storage Sense can catch runaway files early, even when OS telemetry misses them.

As Windows continues its shift toward cloud-integrated, always-updating architecture, the margin for storage leaks narrows. Devices increasingly ship with smaller, faster SSDs rather than large spinning disks, and users expect the OS to manage its own footprint gracefully. A single permissions log shouldn't be a storage crisis, and going forward, Microsoft's engineering rigor on resource bounds will matter as much as feature velocity.

Read next
Dev

Four Pillars That Make AI Systems Work at Scale

Arjun S. Mehta · 6 min
Dev

One Engineer's Six-Month Quest to Build a GPU From Scratch Using 8,192 RISC-V Chips

Kenji Watanabe · 5 min
Dev

Microsoft Opens Azure Linux 4 for Local Testing as Fedora Dependency Takes Shape

Daniel R. Whitfield · 4 min
Spot something wrong? Email corrections@dailytechwire.com. We log every correction publicly.