Skip to main content

CWE-190

Integer Overflow or Wraparound

2408 CVEs Avg CVSS 7.4 MITRE
280
CRITICAL
1468
HIGH
592
MEDIUM
60
LOW
754
POC
18
KEV

Monthly

CVE-2026-59117 HIGH PATCH This Week

Remote code execution in Microsoft Windows Terminal allows an unauthenticated attacker to run arbitrary code by tricking a user into interacting with malicious content that triggers an integer overflow (CWE-190). The flaw carries a CVSS 7.5 rating driven by high complexity and required user interaction; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV. Microsoft has released a patch through the MSRC update guide.

Microsoft Integer Overflow Buffer Overflow Windows Terminal App
NVD
CVSS 3.1
7.5
CVE-2026-48354 MEDIUM This Month

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Denial Of Service Integer Overflow C2Pa C2Pa Web C2Patool
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2026-48342 HIGH This Week

Arbitrary code execution in Adobe Bridge arises from an integer overflow (CWE-190) triggered when a victim opens a maliciously crafted file, allowing an attacker to run code in the context of the current user. The flaw is local and requires user interaction, carrying a CVSS 7.8 (High) score. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

RCE Integer Overflow Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-58594 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Remote Desktop Protocol allows an unauthorized, unauthenticated network attacker to run arbitrary code by triggering an integer overflow (CWE-190) in RDP processing. The flaw carries a CVSS 9.8 and affects a broad range of Windows client and server builds from Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS is a modest 0.78% (52nd percentile), so risk is currently theoretical but severe if weaponized.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2026-58532 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by triggering an integer overflow (CWE-190) in a kernel code path. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no EPSS or KEV data supplied.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56647 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in the Windows Remote Access Service (RRAS) Infrastructure allows an authenticated attacker to elevate privileges over the network by triggering an integer overflow (CWE-190) in affected code paths. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases (2012 R2 through 2025), and Microsoft has released a patch. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the network-reachable EoP profile with only low privileges required makes it a meaningful patch priority.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-54124 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Terminal (shipped on Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025) arises from an integer overflow (CWE-190) that an unauthorized attacker can trigger, but only after luring a logged-on user into interacting with malicious content. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, so this is a defense-in-depth patch rather than an emergency, though the CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered. Microsoft has released a patch via the MSRC update guide.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-56182 HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file system driver allows an authenticated low-privileged user to gain SYSTEM-level rights by triggering an integer overflow (CWE-190) during filesystem processing. It affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available from Microsoft.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-55057 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55033 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.

Buffer Overflow Microsoft Integer Overflow Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Windows Terminal allows an unauthenticated attacker to run arbitrary code by tricking a user into interacting with malicious content that triggers an integer overflow (CWE-190). The flaw carries a CVSS 7.5 rating driven by high complexity and required user interaction; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV. Microsoft has released a patch through the MSRC update guide.

Microsoft Integer Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Denial Of Service Integer Overflow C2Pa +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge arises from an integer overflow (CWE-190) triggered when a victim opens a maliciously crafted file, allowing an attacker to run code in the context of the current user. The flaw is local and requires user interaction, carrying a CVSS 7.8 (High) score. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

RCE Integer Overflow Adobe Bridge
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Remote Desktop Protocol allows an unauthorized, unauthenticated network attacker to run arbitrary code by triggering an integer overflow (CWE-190) in RDP processing. The flaw carries a CVSS 9.8 and affects a broad range of Windows client and server builds from Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS is a modest 0.78% (52nd percentile), so risk is currently theoretical but severe if weaponized.

Buffer Overflow Microsoft Integer Overflow +18
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by triggering an integer overflow (CWE-190) in a kernel code path. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no EPSS or KEV data supplied.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in the Windows Remote Access Service (RRAS) Infrastructure allows an authenticated attacker to elevate privileges over the network by triggering an integer overflow (CWE-190) in affected code paths. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases (2012 R2 through 2025), and Microsoft has released a patch. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the network-reachable EoP profile with only low privileges required makes it a meaningful patch priority.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Terminal (shipped on Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025) arises from an integer overflow (CWE-190) that an unauthorized attacker can trigger, but only after luring a logged-on user into interacting with malicious content. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, so this is a defense-in-depth patch rather than an emergency, though the CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered. Microsoft has released a patch via the MSRC update guide.

Buffer Overflow Microsoft Integer Overflow +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file system driver allows an authenticated low-privileged user to gain SYSTEM-level rights by triggering an integer overflow (CWE-190) during filesystem processing. It affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available from Microsoft.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.

Buffer Overflow Microsoft Integer Overflow +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy