Skip to main content

Windows DWM Core Library EUVDEUVD-2026-35754

| CVE-2026-44814 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-69c2-3r5g-8m4g
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 19:51 vuln.today
Patch available
Jun 09, 2026 - 19:03 EUVD
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 5.5

DescriptionNVD

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

AnalysisAI

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Technical ContextAI

The Desktop Window Manager (DWM) Core Library is a privileged Windows graphics subsystem component responsible for compositing and rendering the desktop environment, operating with elevated system context. CWE-122 designates this as a heap-based buffer overflow; however, the CVE description specifically characterizes the mechanism as an out-of-bounds read - a notable inconsistency between the assigned CWE and the described behavior. The tags 'Heap Overflow' and 'Buffer Overflow' corroborate a heap memory boundary violation, suggesting that a heap-allocated buffer is read beyond its intended limits, potentially exposing adjacent heap contents such as memory addresses, session tokens, or other sensitive in-process data. The affected platform is Windows 11 version 26H1, CPE-equivalent build range 10.0.28000.0 through 10.0.28000.2268, as confirmed by EUVD-2026-35754. The discrepancy between CWE-122 (write-oriented overflow) and the described read primitive should be verified against the Microsoft MSRC advisory, as it materially affects exploitability assessment.

RemediationAI

Apply the vendor-released patch from Microsoft, upgrading Windows 11 26H1 to build 10.0.28000.2269 or later via Windows Update, Windows Server Update Services (WSUS), or Microsoft Endpoint Configuration Manager. The Microsoft MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44814 is the authoritative source for patch details and supersedence information. As a compensating control prior to patching, restrict interactive and remote logon rights to only explicitly authorized users via Group Policy (User Rights Assignment: 'Allow log on locally', 'Allow log on through Remote Desktop Services'), which limits the pool of principals who can reach the local attack vector. Enforcing least-privilege principles and auditing accounts with interactive logon access reduces exposure; however, this does not eliminate the vulnerability and should not substitute for patching. Note that restricting DWM-adjacent interfaces through Application Control policies may affect desktop compositing functionality and should be tested before broad deployment.

CVE-2026-25173 HIGH POC
8.0 Mar 10

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow v

CVE-2026-44812 HIGH
7.8 Jun 09

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local a

CVE-2026-44803 HIGH
7.8 Jun 09

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to

CVE-2026-50507 MEDIUM
6.8 Jun 09

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting

CVE-2026-45658 MEDIUM
6.8 Jun 09

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive e

CVE-2026-42915 MEDIUM
5.5 Jun 09

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the netwo

CVE-2026-42973 MEDIUM
5.5 Jun 09

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated

CVE-2026-42971 MEDIUM
5.5 Jun 09

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory cont

CVE-2026-42970 MEDIUM
5.5 Jun 09

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local atta

CVE-2026-45602 CRITICAL
9.1 Jun 09

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data w

CVE-2026-25188 HIGH
8.8 Mar 10

Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2,

CVE-2026-47653 HIGH
8.8 Jun 09

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP serve

Share

EUVD-2026-35754 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy