Description
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 7.8 High
EPSS: 2.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free condition in the ICOMP component of the Windows Win32K subsystem, allowing an authorized local attacker to elevate privileges. The flaw falls under CWE‑416, indicating that a program improperly accesses memory after it has been freed. Once exploited, the attacker could gain higher privileges than originally intended, potentially allowing full system control and the installation of privileged software or unauthorized changes to system configuration.

Affected Systems

Affected systems include Microsoft Windows 11 versions 24H2, 25H2, and 26H1, as well as Microsoft Windows Server 2025 in both full and Server Core installations. The CVE notes arm64 variants for Windows 11 24H2 and 25H2, and an x64 variant for Windows 11 26H1, indicating that the vulnerability spans multiple processor architectures.

Risk and Exploitability

The CVSS score of 7.8 places this flaw in the high severity range. The EPSS score of 2% indicates a low probability of exploitation, yet the high severity means the vulnerability remains significant. It is not listed in the CISA KEV catalog, suggesting there is no widespread evidence of active exploitation yet. The attack vector is inferred to be local; an attacker must already have access to the target system and sufficient privileges to execute code that can trigger the use‑after‑free in the ICOMP component of Win32K.

Generated by OpenCVE AI on June 18, 2026 at 08:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update from Microsoft for Windows 11 24H2, 25H2, 26H1, and Windows Server 2025 via Windows Update or WSUS.
  • Restrict local administrative privileges to only users who require them and enforce least‑privilege policies for all accounts.
  • Monitor audited events for unexpected privilege escalation attempts after patching and review logs for suspicious activity.

Generated by OpenCVE AI on June 18, 2026 at 08:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Thu, 14 May 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*

Wed, 13 May 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Title Win32k Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025
Weaknesses CWE-416
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows 11 26h1 Windows 11 26h1 Windows Server 2025 Windows Server 2025 (server Core Installation)
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T16:13:21.542Z

Reserved: 2026-03-24T00:52:01.353Z

Link: CVE-2026-33840

cve-icon Vulnrichment

Updated: 2026-05-13T10:02:37.578Z

cve-icon NVD

Status : Modified

Published: 2026-05-12T18:17:06.163

Modified: 2026-06-17T10:38:11.373

Link: CVE-2026-33840

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T08:15:17Z

Weaknesses