Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Windows Internet (wininet.dll) allows an authenticated low-privileged attacker to elevate to higher privileges by triggering an integer overflow condition. With a CVSS score of 7.8 and full impact on confidentiality, integrity, and availability, this flaw represents a meaningful post-compromise risk on affected Windows systems, though no public exploit identified at time of analysis. The vulnerability has been reported by Microsoft's own security team (secure@microsoft.com), indicating internal discovery and coordinated disclosure.
Technical ContextAI
The vulnerability resides in wininet.dll, the Windows Internet API library that provides high-level HTTP, FTP, and Gopher client functionality used by Internet Explorer, Edge legacy components, and numerous third-party applications that link against the WinINet API. The root cause is CWE-190 (Integer Overflow or Wraparound), where arithmetic operations on integer values exceed the maximum representable size, wrapping around to small or negative values. In a library like wininet.dll, such overflows typically occur during length calculations on protocol fields, content-length headers, URL parsing, or buffer-size computations, and the wrapped value is then used to allocate or index a buffer - leading to heap or stack memory corruption. The 'Buffer Overflow' tag alongside 'Integer Overflow' confirms that the integer wrap is the precursor to a subsequent memory corruption primitive that enables privilege escalation.
RemediationAI
Apply the security update referenced in Microsoft's advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592 via Windows Update or WSUS as soon as it is staged in your patch rings - the MSRC update guide enumerates the per-SKU KB numbers and exact patched binary versions, which must be cited from that page since no fix version is included in the input data (Patch available per vendor advisory). Because exploitation requires local low-privileged access, compensating controls in the interim include enforcing least-privilege on interactive users and service accounts, restricting standard users from running untrusted binaries (AppLocker or WDAC policies), and monitoring EDR telemetry for anomalous child processes spawned from wininet.dll-consuming applications such as legacy IE components, Outlook, or third-party HTTP clients; the trade-off is that AppLocker/WDAC enforcement requires upfront application inventory work and can break line-of-business apps if rolled out without an audit phase. Disabling WinINet itself is not a viable workaround because it is a core Windows component depended on by the OS and many shipped applications.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35550
GHSA-c8fm-pg8v-hrr3