HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-45607Published Modified CNA microsoft

CVE-2026-45607: Windows Hyper-V Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Metrics

CVSS v3.1
8.4
Severity
HIGH
Fixed in
10.0.14393.9234
Affected Products
16

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An out-of-bounds read vulnerability in Windows Hyper-V allows a local attacker to execute arbitrary code on the host. The flaw is reachable without any authentication or user interaction, requiring only an existing process or shell on the affected system, as indicated by the CVSS local attack vector. Successful exploitation gives the attacker full control over the host, including the ability to read, modify, or destroy data and disrupt running virtual machines. Patched-image rebuilds at the applicable fix versions are available on HarborGuard for environments running affected Windows builds.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication using feeds from upstream advisories including Microsoft's CNA disclosures. Coverage extends to custom-built Windows container images alongside base images pulled from public registries.

Available
Triage

HarborGuard is capable of scoring this CVE at CVSS 8.4 (HIGH) and weighting it against each customer environment's compliance policy to determine urgency. Triage output is routed to the appropriate team inbox within each customer organization based on configured policy rules.

Available
Patch

Patched-image rebuilds at the fix versions (10.0.14393.9234, 10.0.17763.8880, 10.0.19044.7417, 10.0.19045.7417, and 10.0.20348.5256) are available on HarborGuard for environments running affected builds. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads.

Available

Exploit Conditions

  • Network reachabilityNot required

    The attacker needs an existing shell or process on the host; no network exposure is required.

  • AuthenticationNot required

    No credentials or account privileges are needed to trigger the vulnerability.

  • Victim interactionNot required

    Exploitation is fully attacker-driven and requires no action from any user on the system.

  • Attack complexityDetail

    The exploit is reliable and condition-free, with no race conditions or special memory layout requirements needed.

Blast Radius

  • Reads arbitrary memory from the Hyper-V host process, exposing secrets, keys, or data belonging to other virtual machines.
  • Writes or corrupts host memory, allowing the attacker to modify hypervisor state or tamper with guest VM configurations.
  • Crashes or destabilizes the Hyper-V host, taking down all virtual machines running on the affected system.
  • Achieves arbitrary code execution at the privilege level of the Hyper-V process, enabling full host takeover.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any customer image built on an affected Windows version, covering both registry-hosted and pipeline-built images. Where compliance policy permits, HarborGuard can trigger an automatic rebuild against the relevant fix version, run a regression test pass, and open a pull request against affected workloads; for environments with auto-remediation enabled, median time from CVE publication to a merged patch PR for high-severity issues is around 90 minutes. Customers who have not enabled auto-remediation receive a prioritized finding in their HarborGuard dashboard with the specific fix version mapped to each affected image, so engineers can act immediately without manual version lookups.

See how HarborGuard automates this

Fix available

10.0.14393.923410.0.17763.888010.0.19044.741710.0.19045.741710.0.20348.525610.0.22631.721910.0.26100.865510.0.26100.3299510.0.26200.865510.0.28000.2269
Patch commits
Affected packages
  • Microsoft / Windows 10 Version 1607
    < 10.0.14393.9234 (from 10.0.14393.0)
  • Microsoft / Windows 10 Version 1809
    < 10.0.17763.8880 (from 10.0.17763.0)
  • Microsoft / Windows 10 Version 21H2
    < 10.0.19044.7417 (from 10.0.19044.0)
  • Microsoft / Windows 10 Version 22H2
    < 10.0.19045.7417 (from 10.0.19045.0)
  • Microsoft / Windows 11 version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 24H2
    < 10.0.26100.8655 (from 10.0.26100.0)
  • Microsoft / Windows 11 Version 25H2
    < 10.0.26200.8655 (from 10.0.26200.0)
  • Microsoft / Windows 11 version 26H1
    < 10.0.28000.2269 (from 10.0.28000.0)
  • Microsoft / Windows Server 2016
    < 10.0.14393.9234 (from 10.0.14393.0)
  • Microsoft / Windows Server 2016 (Server Core installation)
    < 10.0.14393.9234 (from 10.0.14393.0)
  • Microsoft / Windows Server 2019
    < 10.0.17763.8880 (from 10.0.17763.0)
  • Microsoft / Windows Server 2019 (Server Core installation)
    < 10.0.17763.8880 (from 10.0.17763.0)
  • Microsoft / Windows Server 2022
    < 10.0.20348.5256 (from 10.0.20348.0)
  • Microsoft / Windows Server 2025
    < 10.0.26100.32995 (from 10.0.26100.0)
  • Microsoft / Windows Server 2025 (Server Core installation)
    < 10.0.26100.32995 (from 10.0.26100.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References