CVE-2026-45594 Microsoft CVE debrief

Who should care

Administrators and users of affected Microsoft Windows versions should prioritize patching this vulnerability to prevent local information disclosure.

Technical summary

The vulnerability, identified as CVE-2026-45594, is caused by the exposure of sensitive information to an unauthorized actor in the Windows Application Identity (AppID) Subsystem. This allows an authorized attacker to disclose information locally. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a MEDIUM severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Defensive priority

Patching is recommended for all affected systems. Microsoft has provided a vendor advisory for this vulnerability at [ref-4](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45594).

Recommended defensive actions

• Apply patches provided by Microsoft for the affected Windows versions.
• Review and implement secure coding practices to minimize the attack surface.
• Monitor systems for any suspicious activity that could indicate exploitation of this vulnerability.

Evidence notes

The vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server. A comprehensive list of affected versions can be found in the CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-45594) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-45594).

Official resources