CVE-2026-42986: Microsoft Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 6.2.9200.26132
- Affected Products: 20
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in the Microsoft Graphics Component allows a locally authenticated attacker to elevate privileges on affected Windows systems. The bug is reached locally and requires only a low-privilege account, with no network exposure and no victim interaction needed. Successful exploitation gives the attacker full control over confidentiality, integrity, and availability on the host. Patched-image rebuilds at the applicable fix versions are available on HarborGuard for environments running affected Windows base images.
HarborGuard Coverage
Detection for CVE-2026-42986 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that layer on affected Windows base versions. Every image in a customer registry or CI pipeline is eligible for matching regardless of how it was assembled.
HarborGuard scores this CVE at CVSS 7.8 (HIGH) and weights it against each customer environment's compliance policy so that urgency is surfaced accurately. Triage routing delivers findings to the appropriate team inbox within each customer organization based on image ownership and policy configuration.
A patched-image rebuild at each applicable fix version (6.2.9200.26132, 6.3.9600.23228, 10.0.14393.9234, 10.0.17763.8880, 10.0.19044.7417, and corresponding Windows 11 versions) is available on HarborGuard for environments running an affected base image. For customers who opt into auto-remediation, HarborGuard is capable of performing the rebuild, running a regression test suite, and opening a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Not required
The attacker needs an existing shell or process on the host; no network-facing exposure is required.
- Authentication: Required
Any low-privilege local account is sufficient; no administrative or elevated credentials are needed to trigger the vulnerability.
- Victim interaction: Not required
The attacker can execute the exploit entirely on their own without requiring any action from another user.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, special memory layout, or other environmental factors.
Blast Radius
- Reads protected files, credentials, and secrets accessible to higher-privilege processes on the host.
- Modifies or overwrites system files, registry keys, and data owned by privileged accounts.
- Terminates or disrupts system services and processes running under elevated contexts.
- Achieves full local administrator or SYSTEM-level control over the compromised host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-42986 activates against any customer image built on an affected Windows base layer as soon as the CVE enters the ingestion pipeline. For environments where a patched base image exists at the applicable fix version, a rebuilt image becomes available immediately. For customers who opt into auto-remediation, HarborGuard can perform the base-image rebuild, execute a regression run, and open a pull request against affected workloads; for high-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy permits, the rebuilt image is staged automatically without manual intervention. Customers who manage their own patch cadence can use the HarborGuard finding to identify exactly which image tags carry the vulnerable Graphics Component version and prioritize their own rebuild accordingly.
Fix available
- Microsoft / Windows 10 Version 1607 < 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows 10 Version 1809 < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2 < 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2 < 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2 < 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2 < 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1 < 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2012 < 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 (Server Core installation) < 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 R2 < 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2012 R2 (Server Core installation) < 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2016 < 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2016 (Server Core installation) < 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2019 < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation) < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022 < 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025 < 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation) < 10.0.26100.32995 (from 10.0.26100.0)
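The fix list above is the data a triage script actually needs: which build branch an image sits on and whether its build number is below the fixed build. The following is an added example (not HarborGuard's code) that parses the list exactly as printed on this page and classifies an observed Windows build. The observed build strings at the bottom are constructed test inputs; in practice the value would come from the image's `ver` output or registry. Note that several products share a build branch (for example 10.0.26100 covers both Windows 11 24H2 and Windows Server 2025 with different fixed builds), so matching on build alone can only narrow the candidate products, which is why `assess` reports "affected" whenever any matching product is still below its fix.

```python
"""Match an observed Windows build against the CVE-2026-42986 fix table.

Added example, not HarborGuard's code. FIX_TABLE is copied from the
advisory's "Fix available" list; observed builds are constructed inputs.
"""
import re
from typing import NamedTuple

FIX_TABLE = """\
Microsoft / Windows 10 Version 1607 < 10.0.14393.9234 (from 10.0.14393.0)
Microsoft / Windows 10 Version 1809 < 10.0.17763.8880 (from 10.0.17763.0)
Microsoft / Windows 10 Version 21H2 < 10.0.19044.7417 (from 10.0.19044.0)
Microsoft / Windows 10 Version 22H2 < 10.0.19045.7417 (from 10.0.19045.0)
Microsoft / Windows 11 version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
Microsoft / Windows 11 Version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
Microsoft / Windows 11 Version 24H2 < 10.0.26100.8655 (from 10.0.26100.0)
Microsoft / Windows 11 Version 25H2 < 10.0.26200.8655 (from 10.0.26200.0)
Microsoft / Windows 11 version 26H1 < 10.0.28000.2269 (from 10.0.28000.0)
Microsoft / Windows Server 2012 < 6.2.9200.26132 (from 6.2.9200.0)
Microsoft / Windows Server 2012 (Server Core installation) < 6.2.9200.26132 (from 6.2.9200.0)
Microsoft / Windows Server 2012 R2 < 6.3.9600.23228 (from 6.3.9600.0)
Microsoft / Windows Server 2012 R2 (Server Core installation) < 6.3.9600.23228 (from 6.3.9600.0)
Microsoft / Windows Server 2016 < 10.0.14393.9234 (from 10.0.14393.0)
Microsoft / Windows Server 2016 (Server Core installation) < 10.0.14393.9234 (from 10.0.14393.0)
Microsoft / Windows Server 2019 < 10.0.17763.8880 (from 10.0.17763.0)
Microsoft / Windows Server 2019 (Server Core installation) < 10.0.17763.8880 (from 10.0.17763.0)
Microsoft / Windows Server 2022 < 10.0.20348.5256 (from 10.0.20348.0)
Microsoft / Windows Server 2025 < 10.0.26100.32995 (from 10.0.26100.0)
Microsoft / Windows Server 2025 (Server Core installation) < 10.0.26100.32995 (from 10.0.26100.0)
"""

# One advisory line: "<product> < <fixed build> (from <first build of branch>)"
_LINE = re.compile(r"^(?P<product>.+?)\s*<\s*(?P<fixed>[\d.]+)\s*\(from (?P<base>[\d.]+)\)$")


class FixEntry(NamedTuple):
    product: str
    fixed: tuple   # build at which the fix ships
    base: tuple    # first build of the affected branch


def parse_version(s: str) -> tuple:
    """'10.0.17763.8880' -> (10, 0, 17763, 8880); tuples compare numerically."""
    return tuple(int(p) for p in s.strip().split("."))


def parse_fix_table(text: str) -> list:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable fix line: {line!r}")
        entries.append(FixEntry(m["product"], parse_version(m["fixed"]), parse_version(m["base"])))
    return entries


def affected_products(observed: str, table: list) -> list:
    """Products on the observed build's branch whose fix is newer than the observed build."""
    v = parse_version(observed)
    # Windows identifies a branch by major.minor.build; the fourth component is the update level.
    return [e.product for e in table if v[:3] == e.base[:3] and e.base <= v < e.fixed]


def assess(observed: str, table: list) -> str:
    """'affected' if any product on this branch is still unpatched, 'patched' if none is,
    'unknown' if the branch does not appear in the advisory at all."""
    v = parse_version(observed)
    branch = [e for e in table if v[:3] == e.base[:3]]
    if not branch:
        return "unknown"
    return "affected" if any(e.base <= v < e.fixed for e in branch) else "patched"


if __name__ == "__main__":
    table = parse_fix_table(FIX_TABLE)
    for build in ("10.0.17763.8000", "10.0.17763.8880", "10.0.26100.9000", "10.0.22000.1"):
        print(build, assess(build, table), affected_products(build, table))
```

The "unknown" outcome matters operationally: a build on a branch the advisory does not list (Windows 11 21H2 is one such branch here) is not evidence of safety, only of missing data, and should be routed for manual review rather than silently marked clean.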
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C