Description
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read in the Windows DWM Core Library that permits a local, authorized attacker to read memory contents that should not be exposed. The result is the disclosure of sensitive information on the compromised host, potentially including secrets or application data. This flaw is classified under CWE‑122 (Heap-based Buffer Overflow) and CWE‑125 (Out‑of‑Bounds Read).

Affected Systems

Microsoft Windows 11 26H1, 64‑bit edition is affected. No further version granularity is specified beyond the quoted build number.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk when considering the confidentiality impact. The EPSS score is unavailable, so the likelihood of exploitation in the wild cannot be quantified. Because the flaw requires that the attacker already has a legitimate local account, the attack surface is restricted to the victim’s own machine, and the vulnerability is not listed in the CISA KEV catalog. Unless the local user has elevated privileges, the exploit is difficult to achieve. Given these constraints, the threat remains moderate and confined to the victim’s environment.

Generated by OpenCVE AI on June 9, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest security update for Windows 11 26H1 that addresses CVE‑2026‑44814 via Windows Update or the Microsoft Security Response Center (MSRC) update guide.
  • Apply least‑privilege practices by limiting local account privileges and restricting user access to sensitive data.
  • Continuously monitor Microsoft advisories for further mitigations or additional patches.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Microsoft windows 11 26h1 |
| Vendors & Products | | Microsoft windows 11 26h1 |

Tue, 09 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. |
| Title | | Windows DWM Core Library Information Disclosure Vulnerability |
| First Time appeared | | Microsoft; Microsoft windows 11 26h1 |
| Weaknesses | | CWE-122; CWE-125 |
| CPEs | | cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:* |
| Vendors & Products | | Microsoft; Microsoft windows 11 26h1 |
| References | | |
| Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'} |

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:51:35.664Z

Reserved: 2026-05-07T20:07:18.271Z

Link: CVE-2026-44814

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:17.587

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-44814

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:15:06Z

Weaknesses