CVE-2026-44812: Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 6.2.9200.26132
- Affected Products
- 23
HarborGuard Analysis
Synopsis
An integer overflow in the Windows Graphics Component (Win32K - GRFX) allows a local attacker to execute arbitrary code on affected systems. The vulnerability is reached locally, requires no authentication, but does require a user to open a malicious file or interact with crafted content. Successful exploitation gives the attacker full control over the affected process, with high impact to confidentiality, integrity, and availability. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running affected Windows versions.
HarborGuard Coverage
Detection for CVE-2026-44812 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built Windows-based container images.
AvailableHarborGuard scores this CVE at 7.8 HIGH (CVSS v3.1) and is capable of weighting findings against each customer organization's compliance policy to determine urgency, routing alerts to the appropriate team inbox within each environment.
AvailablePatched-image rebuilds at versions 6.2.9200.26132, 6.3.9600.23228, 10.0.14393.9234, 10.0.17763.8880, and 10.0.19044.7417 are available on HarborGuard for images running affected Windows versions. For customers who opt into auto-remediation, HarborGuard can perform a rebuild, run a regression test suite, and open a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityNot required
The attacker needs an existing shell or process on the host; no network exposure is required to trigger the vulnerability.
- AuthenticationNot required
No account or credentials are needed to exploit this vulnerability; the attack vector does not require authentication (PR:N).
- Victim interactionRequired
A user must take an action such as opening a malicious document or viewing crafted graphical content for the exploit to trigger.
- Attack complexityDetail
Exploit reliability is high and no special environmental conditions or race conditions are required; the attack succeeds consistently when the victim interacts with the malicious content.
Blast Radius
- Executes arbitrary code in the context of the affected user or process, giving the attacker control over that execution environment.
- Reads protected files, credentials, or session data accessible to the compromised process.
- Modifies or deletes files and data within the scope of the compromised process.
- Crashes or destabilizes the affected Windows graphics subsystem, causing service disruption for the user session.
How HarborGuard Handles This
Available on HarborGuard: detection for this CVE is matched against all scanned images the moment the record is ingested. For environments running affected Windows 10 or Windows 11 base images, rebuilt images at the patched versions (10.0.14393.9234, 10.0.17763.8880, 10.0.19044.7417, and related releases) are available as soon as the upstream fix is confirmed. Where compliance policy permits, customers with auto-remediation enabled receive a rebuilt image, a regression test run, and a PR opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in those environments. For environments where immediate rebuilding is not feasible, compensating controls such as restricting container image base layers to patched OS versions and enforcing image-signing policies on new deployments can reduce exposure while a coordinated upgrade is planned.
Fix available
- Microsoft / Microsoft Excel for Android-
- Microsoft / Microsoft PowerPoint for Android-
- Microsoft / Microsoft Word for Android-
- Microsoft / Windows 10 Version 1607< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows 10 Version 1809< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2< 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2< 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2< 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2< 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2< 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2< 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1< 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2012< 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 (Server Core installation)< 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 R2< 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2012 R2 (Server Core installation)< 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2016< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2016 (Server Core installation)< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2019< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation)< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022< 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025< 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation)< 10.0.26100.32995 (from 10.0.26100.0)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C