CVE-2026-42896
published 2026-05-12CVE-2026-42896: Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.8457 | 10.0.26100.8457 |
| microsoft | windows_11_25h2 | < 10.0.26200.8457 | 10.0.26200.8457 |
| microsoft | windows_11_26h1 | < 10.0.28000.2113 | 10.0.28000.2113 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.8457 | 10.0.26100.8457 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.8457 | 10.0.26200.8457 |
| microsoft | windows_11_version_26h1 | >= 10.0.28000.0 < 10.0.28000.2113 | 10.0.28000.2113 |
| microsoft | windows_server_2025 | < 10.0.26100.32860 | 10.0.26100.32860 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32860 | 10.0.26100.32860 |