CVE-2026-45637: Microsoft DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 10.0.17763.8880
- Affected Products: 13
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows a local attacker with a standard user account to elevate their privileges on the affected machine. The flaw is reached locally, requires no network exposure, and exploitation does not depend on any action by another user. Successful exploitation gives the attacker full control over the host, combining high confidentiality, integrity, and availability impact. Patched-image rebuilds at the relevant fix versions are available on HarborGuard for environments running affected Windows base images.
HarborGuard Coverage
Detection for CVE-2026-45637 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that layer on top of affected Windows base images.
HarborGuard is capable of scoring this finding at CVSS 7.8 (HIGH) and applying per-environment compliance policy weighting to prioritize it appropriately; once scored, the finding can be routed to the designated inbox or ticketing integration for the relevant team within each customer organization.
Patched-image rebuilds at fix versions 10.0.17763.8880, 10.0.19044.7417, 10.0.19045.7417, 10.0.20348.5256, and 10.0.22631.7219 (and later) become available on HarborGuard as soon as those base layers are published upstream. For customers who opt into auto-remediation, HarborGuard is capable of performing the rebuild, running a regression test suite, and opening a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Not required
The attacker needs an existing shell or process on the host; no network path to the service is required.
- Authentication: Required
Any low-privilege local account is sufficient; the attacker does not need administrative credentials.
- Victim interaction: Not required
No action from another user is needed; the attacker can trigger the vulnerability entirely on their own.
- Attack complexity: Low
Attack complexity is low: in CVSS terms, exploitation does not depend on winning a race condition or on a particular memory layout, so it is expected to succeed reliably.
Blast Radius
- A successful attacker reads protected system files, credentials, and secrets stored on the host.
- A successful attacker modifies system configuration, persisted files, and other users' data on the machine.
- A successful attacker can crash or disable the operating system or any service running on it.
- Combined high impact across all three dimensions means a standard user account effectively becomes a full system compromise.
How HarborGuard Handles This
Available on HarborGuard: detection for this HIGH-severity use-after-free is matched against customer images within minutes of CVE publication, covering both vendor-supplied and internally built Windows container images. Where compliance policy permits, HarborGuard can rebuild affected images at the appropriate fix version and open a pull request against impacted workloads; for environments with auto-remediation enabled, median time from CVE publication to a merged patch PR for high-severity issues is around 90 minutes. Customers who have not yet enabled auto-remediation can review the finding in the HarborGuard dashboard, where the specific fix version needed for each affected image variant is listed alongside the CVSS detail and policy-weighted priority score.
Fix available
- Microsoft / Windows 10 Version 1809: < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2: < 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2: < 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2: < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2: < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2: < 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2: < 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1: < 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2019: < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation): < 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022: < 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025: < 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation): < 10.0.26100.32995 (from 10.0.26100.0)
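The fix table above is the kind of data a host or container-image inventory check consumes. The Python below is an added example, not HarborGuard's matching logic: it transcribes the table (the two identical 23H2 rows collapsed into one) and decides whether a given product/build pair is still inside the affected range. It assumes the product name is already known from the image label or host inventory, and the sample inventory at the bottom is constructed. It also shows why the product name matters: Windows 11 24H2 and Windows Server 2025 share the 26100 build line but have different fix versions, so a build number alone cannot settle the question.

```python
"""Check a Windows build against the CVE-2026-45637 fix table (added example).

Assumptions (not HarborGuard code): the product name is known from an
image label or host inventory, and builds are 4-part strings such as
"10.0.17763.8879".
"""
from typing import List, NamedTuple, Optional, Tuple


class FixRange(NamedTuple):
    product: str
    affected_from: str  # first affected build, inclusive
    fixed_in: str       # first patched build, exclusive upper bound


# Transcribed from the advisory's "Fix available" list (duplicate 23H2 row dropped).
FIX_TABLE = [
    FixRange("Windows 10 Version 1809", "10.0.17763.0", "10.0.17763.8880"),
    FixRange("Windows 10 Version 21H2", "10.0.19044.0", "10.0.19044.7417"),
    FixRange("Windows 10 Version 22H2", "10.0.19045.0", "10.0.19045.7417"),
    FixRange("Windows 11 Version 23H2", "10.0.22631.0", "10.0.22631.7219"),
    FixRange("Windows 11 Version 24H2", "10.0.26100.0", "10.0.26100.8655"),
    FixRange("Windows 11 Version 25H2", "10.0.26200.0", "10.0.26200.8655"),
    FixRange("Windows 11 Version 26H1", "10.0.28000.0", "10.0.28000.2269"),
    FixRange("Windows Server 2019", "10.0.17763.0", "10.0.17763.8880"),
    FixRange("Windows Server 2019 (Server Core installation)", "10.0.17763.0", "10.0.17763.8880"),
    FixRange("Windows Server 2022", "10.0.20348.0", "10.0.20348.5256"),
    FixRange("Windows Server 2025", "10.0.26100.0", "10.0.26100.32995"),
    FixRange("Windows Server 2025 (Server Core installation)", "10.0.26100.0", "10.0.26100.32995"),
]


def parse_build(build: str) -> Tuple[int, int, int, int]:
    """Turn "10.0.17763.8879" into a tuple that compares numerically, not lexically."""
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a 4-part Windows build number: {build!r}")
    major, minor, build_no, ubr = (int(p) for p in parts)
    return (major, minor, build_no, ubr)


def find_fix_range(product: str) -> Optional[FixRange]:
    """Case-insensitive product lookup (the advisory mixes 'version'/'Version')."""
    wanted = product.casefold()
    for entry in FIX_TABLE:
        if entry.product.casefold() == wanted:
            return entry
    return None


def is_vulnerable(product: str, build: str) -> bool:
    """True if `build` of `product` lies in [affected_from, fixed_in)."""
    entry = find_fix_range(product)
    if entry is None:
        return False  # product not listed as affected in the advisory
    b = parse_build(build)
    return parse_build(entry.affected_from) <= b < parse_build(entry.fixed_in)


def candidates_for_build(build: str) -> List[str]:
    """Products still vulnerable at this build when the product name is unknown.

    A build number alone is ambiguous: Windows 11 24H2 and Windows Server
    2025 share the 26100 line but have different fix UBRs, so an inventory
    that records only the build cannot decide without the product name.
    """
    b = parse_build(build)
    return [e.product for e in FIX_TABLE
            if parse_build(e.affected_from) <= b < parse_build(e.fixed_in)]


def required_fix(product: str) -> Optional[str]:
    """Fix version to pin an image or host to, or None if the product is not affected."""
    entry = find_fix_range(product)
    return entry.fixed_in if entry else None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("Windows Server 2019", "10.0.17763.8879"),
        ("Windows Server 2019", "10.0.17763.8880"),
        ("Windows 11 Version 24H2", "10.0.26100.9000"),
        ("Windows Server 2025", "10.0.26100.9000"),
    ]
    for product, build in inventory:
        state = "VULNERABLE" if is_vulnerable(product, build) else "patched/not affected"
        print(f"{product:<28} {build:<18} {state}")
```

Comparing builds as integer tuples matters: a string comparison would rank "10.0.17763.9000" below "10.0.17763.8880" because "9" sorts after "8" only at the fourth character, and would misreport a patched host as vulnerable (or the reverse) as soon as UBRs differ in digit count.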
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C