PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-34336 Microsoft CVE debrief

CVE-2026-34336 is a high-severity Windows vulnerability in the DWM Core Library that lets an authenticated local attacker disclose information. Microsoft's advisory and NVD both describe the flaw as a buffer over-read; NVD maps it to CWE-126 and assigns a CVSS 3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L) and requires only low privileges (PR:L) with no user interaction (UI:N), so any account able to run code on the host is in scope. Note one inconsistency in the stored evidence: the description speaks only of information disclosure, yet the NVD vector rates confidentiality, integrity, and availability all High; until the Microsoft advisory is reviewed directly, plan against the vector as the worst case. The vulnerability affects multiple Windows client and server releases, including Windows 10, Windows 11, and several Windows Server editions, with the vulnerable range for each release bounded by the fixed build number listed in NVD. Organizations should treat this as a patch-management priority for any in-scope Windows system whose build is still below the listed remedial build.

Vendor
Microsoft
Product
Windows 10 Version 1607 (first listed of several affected Windows 10, Windows 11, and Windows Server releases)
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-12
Original CVE updated
2026-05-14
Advisory published
2026-05-12
Advisory updated
2026-05-14

Who should care

Windows endpoint and server administrators, vulnerability management teams, patch management owners, and security operations teams responsible for Microsoft estate hardening and update compliance.

Technical summary

The supplied record describes a buffer over-read in the Windows DWM Core Library that enables information disclosure to an authenticated local attacker. NVD lists CWE-126 and the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: local access, low attack complexity, low privileges (a standard, non-administrative account suffices), no user interaction, and unchanged scope. The C:H/I:H/A:H impact ratings exceed the information-disclosure impact stated in the description; the record does not explain the gap, so the vector should be read as NVD's worst-case assessment rather than as evidence of a confirmed code-execution path. NVD's CPE criteria enumerate the affected Windows 10, Windows 11, and Windows Server releases, with remediation defined per release by a minimum fixed build number. The vulnerability status is marked Analyzed in the supplied NVD metadata.

Defensive priority

High. Although the attack is local and requires an authenticated account, the issue scores 7.8 HIGH and spans a broad set of Windows client and server versions. Because PR:L and UI:N, the practical threat is post-compromise: any foothold that can execute code as a local user (a phished workstation account, a compromised service identity, a tenant on a shared host) can exercise the flaw without further interaction. Prioritize remediation on systems where untrusted or many local users can run code, especially shared endpoints, Remote Desktop and terminal-services hosts, and other multi-user servers.

Recommended defensive actions

  • Apply the Microsoft security update referenced in the MSRC advisory for CVE-2026-34336.
  • Verify that affected Windows systems report a build at or above the fixed build number listed for their release in the NVD CPE criteria; a build below that threshold is still vulnerable.
  • Prioritize patching on Windows endpoints and servers still running the vulnerable builds identified in the advisory, starting with multi-user and shared hosts.
  • Use asset inventory to confirm coverage across Windows 10, Windows 11, and affected Windows Server editions, including hosts that are offline or outside the normal update ring.
  • Recheck patch compliance after update deployment, confirm that hosts with a pending reboot have actually restarted, and remove or isolate systems that cannot be updated promptly.
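The build-number check in the second bullet, written out as a PowerShell example. This is an added illustration, not code from the PatchSiren page, NVD, or Microsoft. It reads the release line (CurrentBuildNumber) and the cumulative-update revision (UBR) from the registry and compares the UBR against a per-release threshold table. The threshold values in the table are placeholders: the page does not reproduce the fixed build numbers, so replace them with the values from the NVD CPE criteria for CVE-2026-34336 before relying on the result. The 14393 row corresponds to the Windows 10 Version 1607 / Windows Server 2016 release line named on the page; other affected releases must be added from the NVD record.

```powershell
# Added example, not the page's or Microsoft's code.
# Compares this host's Windows build against the fixed build for its release line.
# ASSUMPTION: the UBR thresholds below are PLACEHOLDERS; replace them with the
# fixed build numbers from the NVD CPE criteria for CVE-2026-34336.

$FixedBuilds = @{
    # CurrentBuildNumber (release line) -> minimum UBR that contains the fix.
    # 14393 = Windows 10 Version 1607 / Windows Server 2016. Placeholder value.
    '14393' = 99999
    # Add one row per affected Windows 10 / 11 / Server release from NVD.
}

function Get-WindowsBuild {
    # CurrentBuildNumber identifies the release line; UBR is the monthly
    # cumulative-update revision, which is what the fixed build threshold bounds.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $v = Get-ItemProperty -Path $key -Name CurrentBuildNumber, UBR, ProductName

    # A cumulative update that is installed but not yet committed by a reboot is
    # not in effect; this well-known key is set while that reboot is pending.
    $rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        ProductName   = $v.ProductName
        Build         = [int]$v.CurrentBuildNumber
        UBR           = [int]$v.UBR
        RebootPending = (Test-Path -Path $rebootKey)
    }
}

function Test-Cve202634336Build {
    param(
        [Parameter(Mandatory)] $BuildInfo,
        [hashtable] $Thresholds = $FixedBuilds
    )
    $line = [string]$BuildInfo.Build

    if (-not $Thresholds.ContainsKey($line)) {
        # Release line not in the table: do not assume it is safe; look it up in NVD.
        $status = 'Unknown'
    } elseif ($BuildInfo.UBR -ge $Thresholds[$line]) {
        $status = if ($BuildInfo.RebootPending) { 'PatchedRebootPending' } else { 'Patched' }
    } else {
        $status = 'Vulnerable'
    }

    [pscustomobject]@{
        ComputerName = $BuildInfo.ComputerName
        ProductName  = $BuildInfo.ProductName
        BuildString  = '{0}.{1}' -f $BuildInfo.Build, $BuildInfo.UBR
        RequiredUBR  = $Thresholds[$line]
        Status       = $status
    }
}

# Local check. For a fleet, run Get-WindowsBuild through
# Invoke-Command -ComputerName <hosts> and pipe each result into the test.
Test-Cve202634336Build -BuildInfo (Get-WindowsBuild) | Format-List
```

The table is keyed on the release line rather than on the full version string because NVD expresses the fixed build per release; a host whose release line is missing from the table is reported as Unknown rather than Patched so that an incomplete table cannot mask an exposed system.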

Evidence notes

All findings are based on the supplied NVD record and the linked Microsoft advisory. NVD lists the vulnerability as CVE-2026-34336, status Analyzed, with CWE-126 and CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The description states that a buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally. NVD also enumerates affected Windows versions and fixed build thresholds. Timeline data supplied with the record shows publication on 2026-05-12 and modification on 2026-05-14. No CISA KEV entry was provided in the source corpus.

Official resources

The authoritative references are the MSRC advisory for CVE-2026-34336 and the NVD record for the same identifier; their URLs are not reproduced in the stored evidence. Per the supplied CVE timeline, the CVE was published 2026-05-12 and updated 2026-05-14. No KEV listing was provided in the source corpus.