Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Local authenticated low-priv attacker (AV:L/PR:L) triggers a kernel heap overflow with no user interaction, crossing the user-to-kernel boundary (S:C) for full SYSTEM compromise (C/I/A:H).

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 20:02 vuln.today
CVE Published
Jul 14, 2026 - 17:07 nvd
HIGH 8.8

DescriptionCVE.org

Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged foothold on host
Delivery
Craft malicious Win32K syscall input
Exploit
Trigger heap-based buffer overflow in kernel pool
Execution
Corrupt adjacent kernel object/token
Persist
Execute code in kernel context
Impact
Escalate to SYSTEM privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already possess local, authenticated low-privileged code execution on the target host (CVSS PR:L, AV:L) - this is a post-compromise privilege-escalation primitive, not a remote entry point, so it cannot be triggered across the network or via a lure alone. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) describes a low-complexity, locally-launched attack requiring only low existing privileges and no user interaction, yielding full confidentiality, integrity, and availability impact with a scope change into the kernel - a classic high-value EoP profile scoring 8.8. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained a low-privileged foothold on a Windows host - for example through a phishing payload running as a standard user or a compromised low-privilege service account - invokes a crafted sequence of Win32K syscalls that triggers the heap-based buffer overflow. By grooming the kernel pool and corrupting an adjacent object, they overwrite a token or pointer to execute code in kernel context and escalate to SYSTEM. …
Remediation Apply the Microsoft security update for CVE-2026-50489 (patch available per vendor advisory; consult the MSRC Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50489 for the exact KB and build number for each affected OS, as the input does not specify a single fix version). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, enumerate all Windows client and server systems and verify patch availability from Microsoft for CVE-2026-50489; immediately prioritize production servers and systems handling sensitive data for patching. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56155 HIGH POC
7.8 Jul 14

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-p

CVE-2026-49798 CRITICAL POC
9.3 Jul 14

Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-leve

CVE-2026-54128 HIGH POC
8.4 Jul 14

Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw aff

CVE-2026-54992 HIGH POC
8.4 Jul 14

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and s

CVE-2026-50518 CRITICAL
9.8 Jul 14

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr

CVE-2026-50667 HIGH POC
7.8 Jul 14

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTE

CVE-2026-50655 HIGH POC
7.8 Jul 14

Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 throug

CVE-2026-57092 CRITICAL
9.9 Jul 14

Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating

CVE-2026-56188 CRITICAL
9.8 Jul 14

Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthoriz

CVE-2026-56190 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary

CVE-2026-50447 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary co

CVE-2026-56159 CRITICAL
9.8 Jul 14

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr

Share

EUVD-2026-44102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy