Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
CVE-2026-34336: Windows DWM Core Library Discloses Local Information
CVE-2026-34336
Summary
An authorized attacker can access sensitive information on a Windows system. This is a concern because it allows the attacker to potentially gather valuable data about the system and its users. To protect your system, apply any available updates and ensure that Windows is running the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| microsoft | windows_10_1607 |
< 10.0.14393.9140 cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
| microsoft | windows_10_1809 |
< 10.0.17763.8755 cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
| microsoft | windows_10_21h2 |
< 10.0.19044.7291 cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* |
| microsoft | windows_10_22h2 |
< 10.0.19045.7291 cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* |
| microsoft | windows_11_23h2 |
< 10.0.22631.7079 cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* |
| microsoft | windows_11_24h2 |
< 10.0.26100.8390 cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* |
| microsoft | windows_11_25h2 |
< 10.0.26200.8390 cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:* |
| microsoft | windows_11_26h1 |
< 10.0.28000.2113 cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:* |
| microsoft | windows_server_2016 |
< 10.0.14393.9140 cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2019 |
< 10.0.17763.8755 cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2022 |
< 10.0.20348.5074 cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2022_23h2 |
< 10.0.25398.2330 cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2025 |
< 10.0.26100.32772 cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* |
Original title
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Original description
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd CVSS3.1
7.8
Vulnerability type
CWE-126
CWE-122
Heap-based Buffer Overflow
Published: 12 May 2026 · Updated: 15 Jun 2026 · First seen: 13 May 2026