CVE-2026-34336 | BaseFortify

Thank you illustration

Thank you for your feedback!

Your input helps us improve and create a better experience for you. We appreciate your time!

CVE-2026-34336

Analyzed Analyzed - Analysis Complete

BaseFortify

Publication date: 2026-05-12

Last updated on: 2026-05-14

Assigner: Microsoft Corporation

Description

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-12

Last Modified

2026-05-14

Generated

2026-05-20

EPSS Evaluated

2026-05-19

NVD

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_10_1607	to 10.0.14393.9140 (exc)
microsoft	windows_10_1809	to 10.0.17763.8755 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7291 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7291 (exc)
microsoft	windows_11_23h2	to 10.0.22631.7079 (exc)
microsoft	windows_11_24h2	to 10.0.26100.8390 (exc)
microsoft	windows_11_25h2	to 10.0.26200.8390 (exc)
microsoft	windows_11_26h1	to 10.0.28000.2113 (exc)
microsoft	windows_server_2016	to 10.0.14393.9140 (exc)
microsoft	windows_server_2019	to 10.0.17763.8755 (exc)
microsoft	windows_server_2022	to 10.0.20348.5074 (exc)
microsoft	windows_server_2022_23h2	to 10.0.25398.2330 (exc)
microsoft	windows_server_2025	to 10.0.26100.32772 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-126	The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

EPSS Chart