Description
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow or wraparound bug in the Windows DWM Core Library permits a user who already has local access to gain higher privileges on the affected system. The flaw can be triggered by manipulated data that causes improper handling of size calculations, leading to a memory corruption condition. The resulting execution of privileged code can compromise confidentiality, integrity, and availability for the machine by allowing local attackers to elevate to system level.

Affected Systems

Affected products include Microsoft Windows 11 versions 24H2, 25H2, and 26H1, as well as Microsoft Windows Server 2025 and the Server Core installation of that edition. The vulnerable components are active on both ARM64 and x64 architectures as indicated by the supplier's common platform enumeration data.

Risk and Exploitability

The vulnerability has a CVSS score of 7.8, indicating high severity. Exploitation requires an authorized attacker who is already present on the host (the CVSS vector gives AV:L and PR:L), which limits the attack surface to local environments. No public exploit is known, and the vulnerability is not listed in CISA’s KEV catalog. The EPSS score is not available, so the probability of exploitation is uncertain, but the high severity and local nature warrant prompt application of the vendor’s fix.

Generated by OpenCVE AI on May 12, 2026 at 19:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Windows updates that address CVE-2026-42896 from the Microsoft Security Response Center
  • Ensure that user accounts with administrative or elevated privileges are strictly limited to those who require them; remove or disable unnecessary privileged accounts
  • Monitor local logs for unusual privilege escalation attempts or anomalous DWM activity and investigate any suspicious events promptly



Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Title | | Windows DWM Core Library Elevation of Privilege Vulnerability |
| First Time appeared | | Microsoft; Microsoft windows 11 24h2; Microsoft windows 11 25h2; Microsoft windows 11 26h1; Microsoft windows Server 2025 |
| Weaknesses | | CWE-122; CWE-190 |
| CPEs | | `cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*`; `cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*`; `cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*`; `cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Microsoft; Microsoft windows 11 24h2; Microsoft windows 11 25h2; Microsoft windows 11 26h1; Microsoft windows Server 2025 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:54:05.242Z

Reserved: 2026-04-30T22:35:54.967Z

Link: CVE-2026-42896

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T18:17:26.470

Modified: 2026-05-12T18:17:26.470

Link: CVE-2026-42896

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:00:13Z

Weaknesses