Skip to main content

Windows AppID Subsystem EUVDEUVD-2026-35552

| CVE-2026-45594 MEDIUM
Information Exposure (CWE-200)
2026-06-09 secure@microsoft.com GHSA-72fr-xjp6-w256
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 19:41 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 5.5

DescriptionNVD

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

AnalysisAI

Information disclosure in the Windows Application Identity (AppID) Subsystem exposes sensitive data to locally authenticated, low-privileged attackers across a broad range of Windows 10, Windows 11, and Windows Server versions. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that exploitation requires only a local session with standard user privileges - no elevated rights or user interaction needed. No public exploit code or CISA KEV listing has been identified at time of analysis, but the wide affected surface spanning consumer and server SKUs makes patching a meaningful priority in multi-user or shared-system environments.

Technical ContextAI

The Windows Application Identity (AppID) service is a core Windows component responsible for determining application identity - it underpins AppLocker and other application control features by evaluating code signing, publisher information, and policy enforcement. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) describes a root cause where the system fails to enforce proper access controls on sensitive data before making it available to a lower-trust caller. In this case, the flaw resides within the AppID subsystem's local inter-process or kernel interface, allowing a low-privileged local process to read data that should be restricted to higher-privileged contexts. The affected builds span NT kernel versions from 10.0.14393 (Windows 10 1607 / Server 2016) through 10.0.28000 (Windows 11 26H1), indicating the flaw exists across a long-lived code path that was not corrected across version upgrades.

RemediationAI

Apply the Microsoft-released security updates corresponding to each affected Windows version: update Windows 10 1607 and Server 2016 to build 10.0.14393.9234 or later; Windows 10 1809 and Server 2019 to 10.0.17763.8880 or later; Windows 10 21H2 to 10.0.19044.7417 or later; Windows 10 22H2 to 10.0.19045.7417 or later; Windows Server 2022 to 10.0.20348.5256 or later; Windows 11 23H2 to 10.0.22631.7219 or later; Windows 11 24H2 and Server 2025 to 10.0.26100.8655 (client) or 10.0.26100.32995 (server) or later; Windows 11 25H2 to 10.0.26200.8655 or later; and Windows 11 26H1 to 10.0.28000.2269 or later. Patches are available through Windows Update and WSUS; consult the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45594 for deployment guidance. Where immediate patching is not feasible in multi-user or RDS environments, consider restricting local logon access to only trusted users as a compensating control - this reduces exposure by limiting who can execute code locally, though it does not eliminate the underlying vulnerability. Disabling AppLocker or AppID entirely as a workaround is not recommended, as doing so removes application control protections and trades one risk for another.

Share

EUVD-2026-35552 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy