Skip to main content

Windows Hyper-V CVE-2026-45641

| EUVDEUVD-2026-35687 HIGH
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-06-09 secure@microsoft.com GHSA-3hgm-7fqq-m4fp
7.8
CVSS 3.1 · NVD
Temporal: 7.3
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.3 HIGH
cvss
vuln.today AI
7.8 HIGH

Local guest/host access (AV:L) with low privileges (PR:L); type-confusion exploitation typically requires precise timing/memory layout (AC:H); hypervisor escape changes security scope (S:C) with total host impact.

3.1 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jun 11, 2026 - 17:58 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 11, 2026 - 17:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 11, 2026 - 17:52 vuln.today
cvss_changed
CVSS changed
Jun 11, 2026 - 17:52 NVD
8.4 (HIGH) 7.8 (HIGH)
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:04 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.4

DescriptionNVD

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

AnalysisAI

Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.

Technical ContextAI

Hyper-V is Microsoft's Type-1 hypervisor that powers virtualization on Windows client and server SKUs, including Windows Sandbox, WSL2, Hyper-V VMs, and Credential Guard. CWE-843 (Access of Resource Using Incompatible Type, often called type confusion) here manifests as an out-of-bounds read, indicating the hypervisor interprets a memory region under one type while the underlying data is sized or structured differently, allowing the attacker to read past intended boundaries. Because Hyper-V code runs in the root partition or hypervisor context with the highest privilege on the system, memory disclosure or corruption primitives here can be leveraged to escape guest isolation or escalate within the host. The CPE list shows the flaw spans the kernel-mode hypervisor stack on x64 builds of Windows 10, Windows 11 (including 26H1 insider builds), Windows Server 2022, and Windows Server 2025, consistent with a shared hvix64/hvax64 codebase.

RemediationAI

Vendor-released patch: install the Microsoft cumulative update that brings the affected OS to or above the fixed build for your channel (e.g., 19044.7417/19045.7417 for Windows 10, 22631.7219 for Windows 11 23H2, 26100.8655 for 24H2, 26200.8655 for 25H2, 20348.5256 for Server 2022, 26100.32995 for Server 2025) as detailed in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641. Until patching is complete, compensating controls include disabling the Hyper-V role on hosts that do not require virtualization (this also disables Windows Sandbox, WSL2, and Credential Guard, which is a meaningful side effect), restricting which users can create or attach VMs via the Hyper-V Administrators group to trusted accounts only, and avoiding running untrusted guests on shared hosts. On multi-tenant or sandbox-execution hosts, isolate untrusted workloads onto separate, fully patched physical hardware to limit blast radius until updates are deployed.

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-21293 HIGH POC
8.8 Jan 14

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users

CVE-2025-30397 HIGH POC
7.5 May 13

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the

CVE-2025-32706 HIGH POC
7.8 May 13

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne

CVE-2025-21418 HIGH
7.8 Feb 11

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation

CVE-2026-21510 HIGH POC
8.8 Feb 10

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta

CVE-2023-38545 CRITICAL POC
9.8 Oct 18

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), thi

CVE-2025-47827 MEDIUM POC
4.6 Jun 05

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph

CVE-2026-21519 HIGH
7.8 Feb 10

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables

CVE-2025-32701 HIGH
7.8 May 13

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se

CVE-2025-21391 HIGH
7.1 Feb 11

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack

Share

CVE-2026-45641 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy