CVE-2026-25190: Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.

Affected

43 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1607	< 10.0.14393.8957	10.0.14393.8957
microsoft	windows_10_1809	< 10.0.17763.8511	10.0.17763.8511
microsoft	windows_10_21h2	< 10.0.19044.7058	10.0.19044.7058
microsoft	windows_10_22h2	< 10.0.19045.7058	10.0.19045.7058
microsoft	windows_10_version_1607	>= 10.0.14393.0 < 10.0.14393.8957	10.0.14393.8957
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.8511	10.0.17763.8511
microsoft	windows_10_version_21h2	>= 10.0.19044.0 < 10.0.19044.7058	10.0.19044.7058
microsoft	windows_10_version_22h2	>= 10.0.19045.0 < 10.0.19045.7058	10.0.19045.7058
microsoft	windows_11_23h2	< 10.0.22631.6783	10.0.22631.6783
microsoft	windows_11_24h2	< 10.0.26100.7979	10.0.26100.7979
microsoft	windows_11_25h2	< 10.0.26200.7979	10.0.26200.7979
microsoft	windows_11_26h1	< 10.0.28000.1719	10.0.28000.1719
microsoft	windows_11_version_22h3	>= 10.0.22631.0 < 10.0.22631.6783	10.0.22631.6783
microsoft	windows_11_version_23h2	>= 10.0.22631.0 < 10.0.22631.6783	10.0.22631.6783
microsoft	windows_11_version_24h2	>= 10.0.26100.0 < 10.0.26100.8037	10.0.26100.8037
microsoft	windows_11_version_25h2	>= 10.0.26200.0 < 10.0.26200.8037	10.0.26200.8037
microsoft	windows_11_version_26h1	>= 10.0.28000.0 < 10.0.28000.1719	10.0.28000.1719
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.25973	6.2.9200.25973
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.23074	6.3.9600.23074
microsoft	windows_server_2016	< 10.0.14393.8957	10.0.14393.8957
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.8957	10.0.14393.8957
microsoft	windows_server_2019	< 10.0.17763.8511	10.0.17763.8511
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.8511	10.0.17763.8511
microsoft	windows_server_2022	< 10.0.20348.4830	10.0.20348.4830