Windows GDI can reveal sensitive information on Windows systems

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Windows GDI can reveal sensitive information on Windows systems

CVE-2026-27930

Summary

An attacker with local access can exploit a vulnerability in Windows' Graphics Device Interface (GDI) to access and reveal sensitive information on a Windows system. This could potentially allow an attacker to gain more insight into the system or its users. To mitigate this risk, ensure your Windows systems are fully updated with the latest security patches.

Original title

Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

Original description

Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

nvd CVSS3.1 5.5

Vulnerability type

CWE-125 Out-of-bounds Read

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27930

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026