Description
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in the Windows Desktop Window Manager (DWM) Core Library lets a local attacker with authorized access elevate privileges. The vulnerability allows the attacker to execute code with higher rights than the current user, potentially compromising system integrity and confidentiality.

Affected Systems

Microsoft Windows 11 version 26H1 (x64) is affected. No other products or versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS data is unavailable, so the current exploitation probability is unknown, but the vulnerability is not listed in the CISA KEV catalog. The flaw requires a user with local authority to trigger the use‑after‑free; it is not remotely exploitable.

Generated by OpenCVE AI on June 9, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft update that contains the fix for CVE‑2026‑44807.
  • Ensure that Windows Automatic Updates are enabled so that the patch is downloaded and installed promptly.
  • Reboot the system after installing the update to restart the DWM Core Library with the corrected code.

Generated by OpenCVE AI on June 9, 2026 at 18:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 26h1
Vendors & Products Microsoft windows 11 26h1

Tue, 09 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Title Windows DWM Core Library Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 26h1
Weaknesses CWE-416
CPEs cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
Vendors & Products Microsoft
Microsoft windows 11 26h1
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 26h1 Windows 11 26h1
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:51:32.642Z

Reserved: 2026-05-07T20:07:18.271Z

Link: CVE-2026-44807

cve-icon Vulnrichment

Updated: 2026-06-09T17:38:07.304Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:16.610

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-44807

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:00:16Z

Weaknesses