CVE-2026-44814: Windows DWM Core Library Information Disclosure Vulnerability
Overview
- Severity
- Medium (CVSS 5.5)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category
- Information Disclosure
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2026-Jun
- Released
- 2026-06-09
Description
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
FAQ
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
Affected Products (2)
Windows
- Windows 11 version 26H1 for x64-based Systems
- Windows 11 Version 26H1 for ARM64-based Systems
Security Updates (1)
Acknowledgments
Owen McCullough with Microsoft, <a href="https://mylostchristmas.tistory.com/20">Seung Chan Kim</a>
Revision History
- 2026-06-09: Information published.