HIGH | CVE-2026-45592 | CNA: microsoft

CVE-2026-45592: Windows Internet (wininet.dll) Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 6.3.9600.23228
Affected Products: 18


HarborGuard Analysis

Synopsis

An integer overflow in Windows Internet (wininet.dll) allows a local attacker with a low-privilege account to elevate their privileges on affected Windows 10 and Windows 11 systems. The vulnerability is reached locally and requires no user interaction; the attacker triggers an arithmetic wraparound condition in the library to gain full control over the affected process or system. Successful exploitation gives the attacker high-impact read, write, and execution capabilities. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running affected Windows base images.

HarborGuard Coverage

Detection

Detection for CVE-2026-45592 is available across every HarborGuard environment, with the CVE ingested from upstream feeds and matched against customer images, including custom-built images that layer on affected Windows base images, within minutes of publication. Any image carrying a vulnerable wininet.dll version is flagged in both registry scans and CI/CD pipeline checks.

Status: Available

Triage

HarborGuard assigns this CVE a CVSS v3.1 score of 7.8 (HIGH) and is capable of weighting that score against each customer environment's compliance policy to determine priority. Findings are routable to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Status: Available

Patch

Patched-image rebuilds pinned to the fixed versions (for example, 10.0.14393.9234 for Windows 10 1607 and 10.0.19045.7417 for Windows 10 22H2) are available on HarborGuard for affected base images. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run regression tests, and open a pull request against affected workloads automatically; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled.

Status: Available

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network access to the target is required.

  • Authentication: Required

    Any low-privilege local account is sufficient; the attacker does not need administrative credentials.

  • Victim interaction: Not required

    No user action is needed; the attacker can trigger the overflow without involving another account.

  • Attack complexity: Detail

    Attack complexity is low (AC:L in the CVSS vector), meaning the exploit is reliable and does not depend on race conditions or specific memory-layout prerequisites. The vector's E:U value marks exploit code maturity as unproven.

Blast Radius

  • Reads sensitive data accessible to the elevated process, including credentials, session tokens, and protected files.
  • Modifies or overwrites files and registry keys that would normally be restricted to privileged accounts.
  • Executes arbitrary code at an elevated privilege level, enabling installation of persistent payloads or backdoors.
  • Crashes or destabilizes system components if the attacker chooses denial-of-service as an outcome.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45592 fires against any image built on an affected Windows 10 or Windows 11 base layer as soon as the image enters a connected registry or pipeline. Patched-image rebuilds at the vendor-confirmed fix versions are available for each affected Windows release. For customers who opt into auto-remediation, HarborGuard handles the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workload definitions; for high-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in auto-remediation-enabled environments. Where compliance policy does not permit automatic changes, the finding is surfaced with fix-version guidance and CVSS scoring for manual review. Customers whose policy restricts auto-remediation can still use the on-demand rebuild capability to produce a patched image for staged rollout.


Fix available

  • 6.3.9600.23228
  • 10.0.14393.9234
  • 10.0.17763.8880
  • 10.0.19044.7417
  • 10.0.19045.7417
  • 10.0.20348.5256
  • 10.0.22631.7219
  • 10.0.26100.8655
  • 10.0.26100.32995
  • 10.0.26200.8655
  • 10.0.28000.2269

Affected packages
  • Microsoft / Windows 10 Version 1607
    < 10.0.14393.9234 (from 10.0.14393.0)
  • Microsoft / Windows 10 Version 1809
    < 10.0.17763.8880 (from 10.0.17763.0)
  • Microsoft / Windows 10 Version 21H2
    < 10.0.19044.7417 (from 10.0.19044.0)
  • Microsoft / Windows 10 Version 22H2
    < 10.0.19045.7417 (from 10.0.19045.0)
  • Microsoft / Windows 11 version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 24H2
    < 10.0.26100.8655 (from 10.0.26100.0)
  • Microsoft / Windows 11 Version 25H2
    < 10.0.26200.8655 (from 10.0.26200.0)
  • Microsoft / Windows 11 version 26H1
    < 10.0.28000.2269 (from 10.0.28000.0)
  • Microsoft / Windows Server 2012 R2
    < 6.3.9600.23228 (from 6.3.9600.0)
  • Microsoft / Windows Server 2012 R2 (Server Core installation)
    < 6.3.9600.23228 (from 6.3.9600.0)
  • Microsoft / Windows Server 2016
    < 10.0.14393.9234 (from 10.0.14393.0)
  • Microsoft / Windows Server 2016 (Server Core installation)
    < 10.0.14393.9234 (from 10.0.14393.0)
  • Microsoft / Windows Server 2019
    < 10.0.17763.8880 (from 10.0.17763.0)
  • Microsoft / Windows Server 2019 (Server Core installation)
    < 10.0.17763.8880 (from 10.0.17763.0)
  • Microsoft / Windows Server 2022
    < 10.0.20348.5256 (from 10.0.20348.0)
  • Microsoft / Windows Server 2025
    < 10.0.26100.32995 (from 10.0.26100.0)
  • Microsoft / Windows Server 2025 (Server Core installation)
    < 10.0.26100.32995 (from 10.0.26100.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C