EUVD-2026-22486
2026-04-14
microsoft
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 Version 1607
Windows 10 Version 1809
Windows 10 Version 21H2
Windows 10 Version 22H2
Windows 11 Version 22H3
Windows 11 Version 23H2
Windows 11 Version 24H2
Windows 11 Version 25H2
Windows 11 Version 26H1
Windows Server 2012
Windows Server 2012 Server Core Installation
Windows Server 2012 R2
Windows Server 2012 R2 Server Core Installation
Windows Server 2016
Windows Server 2016 Server Core Installation
Windows Server 2019
Windows Server 2019 Server Core Installation
Windows Server 2022
Windows Server 2022 23H2 Edition Server Core Installation
Windows Server 2025
Windows Server 2025 Server Core Installation
5.5
CVSS 3.1
Temporal: 4.8
Share
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Lifecycle Timeline
1
Analysis Generated
Apr 14, 2026 - 19:42 vuln.today
DescriptionNVD
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
AnalysisAI
Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).