PatchSiren cyber security CVE debrief
CVE-2026-48574 Microsoft CVE debrief
CVE-2026-48574 is a heap-based buffer overflow vulnerability in Windows Media. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. An unauthorized attacker can exploit this vulnerability to execute code locally.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of affected Microsoft Windows versions should apply patches to prevent local code execution.
Technical summary
The vulnerability is caused by a heap-based buffer overflow in Windows Media. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector with low attack complexity and no privileges required.
Defensive priority
High
Recommended defensive actions
- Apply patches from Microsoft as soon as possible.
- See ${ref-4} for vendor advisory and mitigation guidance.
Evidence notes
The CVE record ${cve-org} and NVD detail ${nvd} provide additional information on this vulnerability.
Official resources
-
CVE-2026-48574 CVE record
CVE.org
-
CVE-2026-48574 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-48574 was published on ${cvePublishedAt} and modified on ${cveModifiedAt}.