CVE-2026-45593: Windows SDK Elevation of Privilege Vulnerability
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 10.0.17763.8880
- Affected Products: 14
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in the Windows SDK allows a locally authenticated attacker to escalate privileges on affected Windows 10 and Windows 11 systems. The attacker needs only a low-privilege account and no network access; exploitation is performed entirely from an existing local session. Successful exploitation grants the attacker high-level control over confidentiality, integrity, and availability on the host. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running affected Windows base images.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that layer on affected Windows base versions. Any image whose OS layer falls within the affected version ranges is flagged automatically.
HarborGuard is capable of scoring this CVE at 7.8 HIGH using the CVSS v3.1 vector and weighting the result against each environment's compliance policy to determine breach of configured severity thresholds. Triaged findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy rules.
Patched-image rebuilds pinned to the applicable fix versions (10.0.17763.8880, 10.0.19044.7417, 10.0.19045.7417, 10.0.20348.5256, 10.0.22631.7219) are available on HarborGuard for any environment running an affected base image. For customers who opt into auto-remediation, HarborGuard is capable of triggering a rebuild, running a regression test suite, and opening a pull request against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for high-severity issues.
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network path to the target is required.
- Authentication: Required
  Any low-privilege local account is sufficient; no administrative credentials are needed to trigger the vulnerability.
- Victim interaction: Not required
  No action from another user is needed; the attacker executes the exploit entirely within their own session.
- Attack complexity
  Attack complexity is low, meaning the exploit is reliable and requires no special environmental conditions, race conditions, or memory-layout knowledge.
Blast Radius
- Reads sensitive files, credentials, and process memory accessible only to privileged accounts.
- Modifies system files, registry keys, and security configurations that a low-privilege account cannot normally touch.
- Terminates or disrupts system processes and services, causing instability or denial of service on the host.
- Provides a foothold for lateral movement or persistence by installing privileged backdoors or altering security policy.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-45593 is active across all customer environments, matching images that include affected Windows 10 or Windows 11 base layers against the published version ranges. Patched-image rebuilds at the corrected OS patch levels are available for each affected product line. For customers who opt into auto-remediation, HarborGuard can rebuild the affected image, execute a regression test run, and open a pull request against impacted workloads; for high-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes. Where compliance policy does not permit automatic remediation, the finding is surfaced in the team inbox with CVSS scoring and affected image inventory so engineers can act manually. Because this is a local privilege escalation with no network requirement, compensating controls for container workloads should include running containers as non-root with tightly scoped Linux capabilities or Windows job-object constraints to limit the blast radius while a base-image update is applied.
Fix available
- Microsoft / Windows 10 Version 1809 < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2 < 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2 < 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2 < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2 < 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2 < 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1 < 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows 11 Version 26H1 < 10.0.28000.2269 (from 1.0.0)
- Microsoft / Windows Server 2019 < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation) < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022 < 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025 < 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation) < 10.0.26100.32995 (from 10.0.26100.0)
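The ranges above can be checked against an image's OS build as follows. This is an added example, not HarborGuard's matcher; `classify`, `parse_build` and the sample builds in the test calls are constructed for illustration. It shows two pitfalls in the list: builds must be compared numerically per component, and the 10.0.26100 line has different fix builds for Windows 11 24H2 and Windows Server 2025, so the product has to be part of the key.

```python
# Added example: ranges transcribed from the "Fix available" list on this page.
# Values are (first affected build, first fixed build), keyed by product name.
# The 26H1 entry uses the 10.0.28000.0 lower bound; the page also lists a
# duplicate row for that product with "from 1.0.0".
AFFECTED = {
    "windows 10 version 1809": ("10.0.17763.0", "10.0.17763.8880"),
    "windows 10 version 21h2": ("10.0.19044.0", "10.0.19044.7417"),
    "windows 10 version 22h2": ("10.0.19045.0", "10.0.19045.7417"),
    "windows 11 version 23h2": ("10.0.22631.0", "10.0.22631.7219"),
    "windows 11 version 24h2": ("10.0.26100.0", "10.0.26100.8655"),
    "windows 11 version 25h2": ("10.0.26200.0", "10.0.26200.8655"),
    "windows 11 version 26h1": ("10.0.28000.0", "10.0.28000.2269"),
    "windows server 2019": ("10.0.17763.0", "10.0.17763.8880"),
    "windows server 2019 (server core installation)": ("10.0.17763.0", "10.0.17763.8880"),
    "windows server 2022": ("10.0.20348.0", "10.0.20348.5256"),
    "windows server 2025": ("10.0.26100.0", "10.0.26100.32995"),
    "windows server 2025 (server core installation)": ("10.0.26100.0", "10.0.26100.32995"),
}


def parse_build(text):
    """Turn 'major.minor.build.revision' into a tuple of ints for comparison."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Windows build: {text!r}")
    return tuple(int(p) for p in parts)


def classify(product, build):
    """Return 'affected', 'fixed', 'below-range' or 'unknown-product'."""
    entry = AFFECTED.get(product.strip().lower())
    if entry is None:
        return "unknown-product"
    first, fixed = (parse_build(v) for v in entry)
    current = parse_build(build)
    if current < first:
        return "below-range"
    # Tuple comparison is numeric per component, so revision 10000 > 8880.
    return "affected" if current < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample builds, not taken from any real inventory.
    print(classify("Windows 11 Version 24H2", "10.0.26100.9000"))
    print(classify("Windows Server 2025", "10.0.26100.9000"))
```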
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C