PatchSiren cyber security CVE debrief
CVE-2026-45604 Microsoft CVE debrief
CVE-2026-45604 is a MEDIUM severity vulnerability with a CVSS score of 5.5. It is an out-of-bounds read issue in the Windows Application Identity (AppID) Subsystem that allows an authorized attacker to disclose information locally. The vulnerability was published on 2026-06-09T17:17:29.097Z and last modified on 2026-06-11T18:40:43.393Z.
- Vendor: Microsoft
- Product: Windows 11 version 23H2
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-11
Who should care
This vulnerability affects multiple versions of Windows 11 and Windows Server 2025. Users of these systems should apply patches or mitigations as available.
Technical summary
The vulnerability is an out-of-bounds read issue in the Windows Application Identity (AppID) Subsystem. This could allow an authorized attacker to disclose information locally. The CVSS base score is 5.5, indicating a MEDIUM severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
Apply patches or mitigations as available. This vulnerability requires local access and authorization to exploit.
Recommended defensive actions
- Apply patches or mitigations as available from Microsoft.
- Ensure that only authorized users have access to affected systems.
Evidence notes
Evidence for this CVE comes from the National Vulnerability Database (NVD) and Microsoft's security advisories.
Official resources
- CVE-2026-45604 CVE record (CVE.org)
- CVE-2026-45604 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-45604 was disclosed by Microsoft on 2026-06-09T17:17:29.097Z.