Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
AnalysisAI
Out-of-bounds read in Windows GDI (Graphics Device Interface) allows local attackers to disclose sensitive information without authentication. The vulnerability affects Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022/2025, requiring user interaction to trigger. Microsoft has released patches for all affected versions, with specific build numbers provided for remediation.
Technical ContextAI
Windows GDI is the core graphics subsystem responsible for rendering graphics objects, fonts, and display elements. The vulnerability stems from a classic out-of-bounds read condition (CWE-125) where the GDI component fails to properly validate memory access boundaries when processing graphics data. This allows an attacker to read adjacent memory contents that should be inaccessible, potentially exposing sensitive information such as cryptographic keys, session tokens, or other confidential data stored in process memory. The local attack vector and requirement for user interaction (UI:R) suggest the attack may involve tricking a user into opening a specially crafted document or graphics file that triggers the out-of-bounds access when processed by GDI.
RemediationAI
Apply the vendor-released security patches from Microsoft immediately for your specific Windows version and build. For Windows 10 21H2, update to build 19044.7184 or later; for Windows 10 22H2, update to build 19045.7184 or later; for Windows 11 22H3 and 23H2, update to build 22631.6936 or later; for Windows 11 24H2, update to build 26100.32690 or later; for Windows 11 25H2, update to build 26200.8246 or later; for Windows 11 26H1, update to build 28000.1836 or later; for Windows Server 2022, update to build 20348.5020 or later; for Windows Server 2022 23H2 Server Core, update to build 25398.2274 or later; and for Windows Server 2025, update to build 26100.32690 or later. No workarounds are available for this vulnerability-patching is the only mitigation. Consult the Microsoft Security Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27931 for patch deployment instructions and validation procedures.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22487