Skip to main content

Windows Terminal EUVDEUVD-2026-45059

| CVE-2026-59117 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-07-16 microsoft GHSA-g52r-hw2c-c98r
7.5
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.5 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Network-delivered content with required victim interaction (UI:R) and non-deterministic memory-corruption conditions (AC:H), no auth needed (PR:N), yielding full code-execution impact (C/I/A:H).

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 22:30 vuln.today
CVE Published
Jul 16, 2026 - 21:56 nvd
HIGH 7.5

DescriptionCVE.org

Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft Windows Terminal allows an unauthenticated attacker to run arbitrary code by tricking a user into interacting with malicious content that triggers an integer overflow (CWE-190). The flaw carries a CVSS 7.5 rating driven by high complexity and required user interaction; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft content triggering integer overflow
Delivery
Deliver malicious content over network
Exploit
Victim interacts in Windows Terminal
Execution
Overflow corrupts memory buffer
Impact
Execute arbitrary code as user

Vulnerability AssessmentAI

Exploitation Exploitation requires user interaction (UI:R) - a victim must open or interact with attacker-crafted content inside Windows Terminal that triggers the integer overflow - and requires overcoming high attack complexity (AC:H), meaning success depends on conditions outside the attacker's full control such as memory layout or timing. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) scores 7.5 (High) with full confidentiality, integrity, and availability impact, but two metrics materially reduce real-world urgency: high attack complexity (AC:H) implies conditions the attacker does not fully control (e.g., winning a race or defeating memory-layout mitigations like ASLR), and required user interaction (UI:R) means a victim must open or interact with attacker-supplied content. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts malicious content designed to trigger the integer overflow when processed by Windows Terminal and delivers it over the network (for example via a file, link, or remotely rendered data). A user opens or interacts with the content in Windows Terminal, the overflow corrupts memory, and the attacker gains arbitrary code execution in the user's context. …
Remediation Patch available per vendor advisory: update Windows Terminal to the fixed version listed in Microsoft's Security Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-59117 - the exact fixed build is not included in the provided input and should be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, create an inventory of systems running Microsoft Windows Terminal and prioritize developer workstations and administrative machines for remediation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-45059 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy