Description
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free flaw in the Windows Desktop Window Manager (DWM) Core Library allows an attacker who already has authorized local access to gain elevated privileges. The vulnerability arises when the library incorrectly handles memory that has been freed, enabling the attacker to control program flow or execute arbitrary code with higher privileges. Because the flaw is local and requires an authorized user, the potential impact is a compromise of the entire host rather than a remote service or data breach.

Affected Systems

Microsoft Windows 11 version 26H1 (x64) is affected. No other vendors or versions are listed.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity for a local privilege escalation. Exploitation requires a legitimate user account and a crafted input to the DWM core, so the likely attacker is a locally authenticated user. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. At present, no public exploit appears to be distributed, but the high severity means that an attacker with local access could weaponise the flaw to further compromise the system.

Generated by OpenCVE AI on June 9, 2026 at 18:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply the latest Windows 11 cumulative update that addresses CVE-2026-44811
  • Reboot the system after applying the update to ensure all components are reloaded
  • Enforce least privilege for all local users and monitor for suspicious window creation or DWM activity


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Title | | Windows DWM Core Library Elevation of Privilege Vulnerability
First Time appeared | | Microsoft; Microsoft windows 11 26h1
Weaknesses | | CWE-122; CWE-20
CPEs | | cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
Vendors & Products | | Microsoft; Microsoft windows 11 26h1
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:51:31.537Z

Reserved: 2026-05-07T20:07:18.271Z

Link: CVE-2026-44811

Vulnrichment

Updated: 2026-06-09T19:13:51.715Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:17.147

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-44811

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T19:00:14Z

Weaknesses