Severity by source
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows User Interface Core across Windows 10, 11, and Server 2019-2025 allows low-privileged authenticated attackers to achieve SYSTEM-level access via use-after-free memory corruption. The vulnerability requires high attack complexity and local access but enables container escape (scope change) with full confidentiality, integrity, and availability impact. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the use-after-free primitive is a well-understood exploitation technique.
Technical ContextAI
This vulnerability stems from a use-after-free condition (CWE-416) in the Windows User Interface Core component, a fundamental subsystem responsible for managing graphical user interface elements and window messaging across all Windows versions. Use-after-free vulnerabilities occur when memory is accessed after being deallocated, creating a window where an attacker can manipulate memory layout to redirect program execution. The affected component spans Windows 10 version 1809 through Windows 11 26H1 and Windows Server 2019-2025, indicating the vulnerable code has persisted across multiple Windows generations. The CVSS scope change (S:C) suggests the vulnerability enables escaping security boundaries, potentially breaking out of sandboxed processes or containers to impact resources beyond the vulnerable component's authorization scope. Microsoft reported this vulnerability, suggesting internal discovery rather than external researcher disclosure.
RemediationAI
Apply Microsoft security updates immediately through Windows Update or WSUS to patch the Windows User Interface Core vulnerability. Specific fix versions: Windows 10 1809 update to build 10.0.17763.8644 or later, Windows 10 21H2 to 10.0.19044.7184, Windows 10 22H2 to 10.0.19045.7184, Windows 11 22H3/23H2 to 10.0.22631.6936, Windows 11 24H2 to 10.0.26100.32690, Windows 11 25H2 to 10.0.26200.8246, Windows 11 26H1 to 10.0.28000.1836, Windows Server 2019 to 10.0.17763.8644, Windows Server 2022 to 10.0.20348.5020, Windows Server 2022 23H2 to 10.0.25398.2274, and Windows Server 2025 to 10.0.26100.32690. No workarounds are documented in the Microsoft advisory. Organizations unable to immediately patch should enforce strict user privilege separation, monitor for unusual process elevation activity, and restrict local logon access to trusted accounts. Review Microsoft Security Response Center guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32165 for deployment considerations.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22557
GHSA-p8vg-rv38-2jxx