Skip to main content

Desktop Window Manager EUVDEUVD-2026-22537

| CVE-2026-32152 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-648m-637p-635w
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:19 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22537
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

AnalysisAI

Desktop Window Manager (DWM) use-after-free vulnerability enables local privilege escalation to SYSTEM on Windows 11 and Server 2022/2025. Low-complexity attack requires only low-privileged authenticated access with no user interaction, affecting all current Windows 11 versions (22H2 through 26H1) and Server editions. Vendor-released patches available as of May 2026. CVSS 7.8 (High) reflects significant local privilege escalation risk; no public exploit identified at time of analysis, though the

Technical ContextAI

Desktop Window Manager (dwm.exe) is the Windows compositing window manager responsible for visual effects, Aero Glass rendering, and desktop composition since Windows Vista. This vulnerability stems from CWE-416 (Use After Free), a memory corruption class where the DWM process attempts to access previously freed memory objects. Use-after-free conditions in privileged system processes like DWM (which runs with SYSTEM privileges) are particularly dangerous because successful exploitation allows attackers to control freed memory contents and redirect execution flow. The CVSS vector AV:L indicates local access requirement, while PR:L confirms low-privileged authenticated users can trigger the condition. The vulnerability affects the core dwm.exe component across multiple Windows builds, spanning Windows 11 versions 22H2 (build 10.0.22631.x), 23H2, 24H2, 25H2, 26H1 (build 10.0.28000.x), and Windows Server 2022/2025 including Server Core installations. The unscoped (S:U) impact means the vulnerability is contained within the vulnerable component's security context, though given DWM's SYSTEM-level execution, this still represents full system compromise.

RemediationAI

Apply Microsoft security updates immediately to patch the Desktop Window Manager use-after-free vulnerability. Vendor-released patches are available through Windows Update and Microsoft Update Catalog for all affected versions: upgrade Windows 11 22H2/23H2 systems to build 10.0.22631.6936 or later, Windows 11 24H2 and Server 2025 to build 10.0.26100.32690 or later, Windows 11 25H2 to build 10.0.26200.8246 or later, Windows 11 26H1 to build 10.0.28000.1836 or later, Windows Server 2022 to build 10.0.20348.5020 or later, and Windows Server 2022 23H2 Server Core to build 10.0.25398.2274 or later. Organizations should prioritize patching multi-user systems and servers where privilege escalation poses highest risk. No workarounds are documented; patching is the only complete remediation. Refer to the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32152 for deployment guidance and update package downloads. Monitor system logs for unexpected dwm.exe crashes or anomalous behavior that might indicate exploitation attempts.

Share

EUVD-2026-22537 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy