CVE-2026-25168

Received Received - Intake

Null Pointer Dereference in Microsoft Graphics Causes Local DoS

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: Microsoft Corporation

Description

Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-10

Last Modified

2026-03-13

Generated

2026-06-16

AI Q&A

2026-03-10

EPSS Evaluated

2026-06-15

NVD

CVE-2026-25168

EUVD

EUVD-2026-10631

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_server_2012	r2
microsoft	windows_server_2012	*
microsoft	windows_10_1809	to 10.0.17763.8511 (exc)
microsoft	windows_10_1809	to 10.0.17763.8511 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7058 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7058 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7058 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7058 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7058 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7058 (exc)
microsoft	windows_11_23h2	to 10.0.22631.6783 (exc)
microsoft	windows_11_23h2	to 10.0.22631.6783 (exc)
microsoft	windows_11_24h2	to 10.0.26100.7979 (exc)
microsoft	windows_11_24h2	to 10.0.26100.7979 (exc)
microsoft	windows_11_25h2	to 10.0.26200.7979 (exc)
microsoft	windows_11_25h2	to 10.0.26200.7979 (exc)
microsoft	windows_11_26h1	to 10.0.28000.1719 (exc)
microsoft	windows_11_26h1	to 10.0.28000.1719 (exc)
microsoft	windows_server_2016	to 10.0.14393.8957 (exc)
microsoft	windows_server_2019	to 10.0.17763.8511 (exc)
microsoft	windows_server_2022	to 10.0.20348.4830 (exc)
microsoft	windows_server_2022_23h2	to 10.0.25398.2207 (exc)
microsoft	windows_10_1607	to 10.0.14393.8957 (exc)
microsoft	windows_10_1607	to 10.0.14393.8957 (exc)
microsoft	windows_server_2025	to 10.0.26100.32463 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-476	The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

Executive Summary

This vulnerability is a null pointer dereference in the Microsoft Graphics Component. It allows an unauthorized attacker to cause a denial of service on the affected system locally.

Impact Analysis

The impact of this vulnerability is a denial of service condition, which means an attacker can cause the affected system or application to crash or become unavailable.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-25168. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-25168

Null Pointer Dereference in Microsoft Graphics Causes Local DoS

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart