Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
AnalysisAI
Remote code execution in the Windows Kernel allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition (CWE-122 heap-related memory corruption). The flaw was reported by Microsoft (secure@microsoft.com) and carries a critical CVSS 9.8 with no public exploit identified at time of analysis. Tag metadata indicates the bug can also be leveraged for heap overflow and denial-of-service outcomes.
Technical ContextAI
The vulnerability resides in the Windows Kernel, the privileged core of the Microsoft Windows operating system responsible for memory management, process scheduling, device I/O, and network stack handling. The root cause is classified as CWE-122 (Heap-based Buffer Overflow), and the description specifies a use-after-free pattern - meaning kernel code continues to dereference a pointer to a heap object after that object has been freed, allowing an attacker who can influence the reallocation of that heap chunk to corrupt adjacent kernel structures or hijack control flow. Because the issue is reachable 'over a network,' the affected code path almost certainly lives in a network-facing kernel component (for example a kernel-mode protocol handler such as SMB, RPC, HTTP.sys, or a similar driver) rather than in user-mode services. No specific CPE strings were provided in the input.
RemediationAI
Apply Microsoft's monthly security update that addresses CVE-2026-45657 as soon as it is published; the authoritative patch matrix and exact KB article numbers per Windows SKU are listed at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657. Patch available per vendor advisory; specific fixed build numbers were not provided in the input and must be taken from the MSRC page. Until patching is complete, restrict exposure of network-facing Windows kernel services by blocking inbound traffic to commonly abused kernel-handled ports (SMB 445, RPC 135, and any HTTP.sys-bound listeners) at the perimeter and host firewall, segment Windows hosts so workstations and servers are not reachable from untrusted networks, and prioritize patching of internet-exposed and domain-controller systems first. Note that blocking SMB/RPC will break file sharing, Active Directory replication, and remote management workflows, so workarounds should be treated as short-term compensating controls rather than substitutes for the update.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35697
GHSA-3r8r-9cjm-whj4