Skip to main content

Windows AppID Subsystem CVE-2026-45604

| EUVDEUVD-2026-35553 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-09 secure@microsoft.com GHSA-95c9-4wfm-w24v
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 19:40 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 5.5

DescriptionNVD

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

AnalysisAI

Out-of-bounds read in the Windows Application Identity (AppID) Subsystem exposes sensitive kernel or process memory to a local authenticated attacker without requiring elevated privileges or user interaction. Affected builds span Windows 11 versions 23H2 through 26H1 and Windows Server 2025, including Server Core installations. No public exploit code has been identified at time of analysis and this CVE does not appear in the CISA KEV catalog, though the high confidentiality impact (CVSS C:H) indicates meaningful data exposure potential when triggered.

Technical ContextAI

The Windows Application Identity (AppID) service underpins AppLocker and software restriction policy enforcement by validating executable identities against policy rules. CWE-125 (Out-of-bounds Read) describes a memory safety flaw where a component reads data beyond the allocated buffer boundary, potentially exposing adjacent memory regions containing sensitive data such as credentials, cryptographic material, or kernel structures. The CVSS vector (AV:L/AC:L/PR:L) confirms this is a local, low-complexity flaw requiring only a standard (non-elevated) user account. Affected CPE targets include Windows 11 build lines from 10.0.22631 (23H2) through 10.0.28000 (26H1) and Windows Server 2025 at build 10.0.26100, per EUVD-2026-35553 data.

RemediationAI

Apply the Microsoft security update that brings affected builds to or above the following fixed versions: Windows 11 26H1 → 10.0.28000.2269; Windows 11 25H2 → 10.0.26200.8655; Windows 11 24H2 → 10.0.26100.8655; Windows 11 23H2 → 10.0.22631.7219; Windows Server 2025 and Server Core → 10.0.26100.32995. Updates are available via Windows Update, WSUS, and Microsoft Update Catalog - consult https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45604 for direct download links. If immediate patching is not feasible on a sensitive system, a compensating control is to restrict interactive and remote logon rights to the affected host to only named, trusted administrators via Group Policy (User Rights Assignment: 'Allow log on locally' and 'Allow log on through Remote Desktop Services'), reducing the attacker pool. This control does not eliminate the vulnerability but raises the bar to high-privileged accounts only. Note that disabling the AppID service itself would break AppLocker enforcement, which is a significant security regression and is not recommended as a workaround.

Share

CVE-2026-45604 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy