Windows GDI Allows Unauthorized Access to Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Windows GDI Allows Unauthorized Access to Sensitive Data

CVE-2026-27931

Summary

A security weakness in Windows GDI could allow an attacker to access sensitive information on a local computer. This means an attacker could potentially access confidential data without permission. Users should keep their Windows systems up-to-date with the latest patches to mitigate this risk.

Original title

Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

Original description

Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

nvd CVSS3.1 5.5

Vulnerability type

CWE-125 Out-of-bounds Read

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27931

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026