
Windows DWM Core Library CVE-2026-44802

EUVD ID: EUVD-2026-35753 (HIGH)
Weakness: Use After Free (CWE-416)
Published: 2026-06-09 · Source: secure@microsoft.com · Related advisory: GHSA-9v4q-pmfw-6hgx
CVSS 3.1 (NVD): 7.8 · Temporal: 6.8

Severity by source

NVD (primary): 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CIRCL (temporal): 6.8 MEDIUM

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 09, 2026 - 19:03 (EUVD)
Analysis Generated: Jun 09, 2026 - 18:48 (vuln.today)
CVE Published: Jun 09, 2026 - 17:17 (nvd)

Description (NVD)

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Analysis (AI-generated)

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit had been identified at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain low-privileged local shell
Delivery: Invoke DWM Core Library code path
Exploit: Trigger use-after-free condition
Execution: Reclaim freed allocation with controlled data
Persist: Hijack control flow in DWM process
Impact: Execute payload as SYSTEM

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires the attacker to already possess local code execution on the target Windows host as a low-privileged authenticated user (CVSS PR:L, AV:L), and the affected DWM Core Library component must be loaded, which is the default state on any interactive Windows desktop session. …

Risk Assessment: The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a locally exploitable issue requiring low attacker privileges and no user interaction, and yielding full CIA impact: a classic local elevation-of-privilege profile. …

Exploit Scenario: An attacker who has already obtained a low-privileged shell on a Windows host (for example via phishing-delivered malware, a compromised service account, or a malicious insider) executes a crafted program that interacts with DWM in a sequence that triggers the use-after-free, sprays the freed allocation with attacker-controlled data, and pivots execution into the DWM process to elevate to SYSTEM. With SYSTEM privileges the attacker can disable security tooling, dump LSASS for credentials, and establish persistence. …

Remediation: Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44802 during the next Patch Tuesday cycle. Based on the supplied data, patch status is best characterized as "patch available" per the vendor advisory; the specific KB numbers and build versions should be confirmed against the MSRC update guide for each affected Windows SKU. …

Recommended Action (AI-generated)

Within 24 hours: Conduct inventory of Windows systems in the environment; disable or restrict non-essential user logons on critical business systems. …


CVE-2026-44802 vulnerability details – vuln.today
