Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
Analysis (AI)
Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Windows Advanced Rasterization Platform (WARP) must be active. … |
| Risk Assessment | Despite the 8.8 CVSS score indicating critical severity, real-world exploitation risk is moderate due to the user interaction requirement. … |
| Exploit Scenario | An attacker crafts a malicious web page containing specially formatted WebGL or Canvas rendering commands that trigger WARP processing when viewed in a browser. When a user visits the compromised site or clicks a phishing link, the browser attempts to render graphics content through WARP, causing integer truncation during buffer size calculation. … |
| Remediation | Apply Microsoft security updates immediately to upgrade affected systems to patched builds: Windows 10 1607 to 10.0.14393.9060 or later, Windows 10 1809 to 10.0.17763.8644 or later, Windows 10 21H2 to 10.0.19044.7184 or later, Windows 10 22H2 to 10.0.19045.7184 or later, Windows 11 22H3/23H2 to 10.0.22631.6936 or later, Windows 11 24H2 to 10.0.26100.32690 or later, Windows 11 25H2 to 10.0.26200.8246 or later, Windows Server 2016 to 10.0.14393.9060 or later, Windows Server 2019 to 10.0.17763.8644 or later, Windows Server 2022 to 10.0.20348.5020 or later, Windows Server 2022 23H2 to 10.0.25398.2274 or later, and Windows Server 2025 to 10.0.26100.32690 or later. … |
Recommended Action (AI)
Within 24 hours: Inventory all Windows 10, 11, and Server systems in your environment and identify current patch levels using WSUS or third-party patch management tools. …
Same weakness CWE-681 – Incorrect Conversion between Numeric Types
EUVD-2026-22418
GHSA-whvh-93vh-g249