Out-of-bounds read in Windows and Windows Server - CVE-2026-50437
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in Windows DWM Core Library when parsing input. A local user can trigger the out-of-bounds read to disclose sensitive information.
An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.