Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
The use-after-free vulnerability (CWE-416) involves referencing a memory area after it has been freed, which can lead to execution of attacker-controlled code. Additionally, the classified vulnerability CWE-122 indicates a heap buffer overflow, which may co-occur or be related to the same memory handling error in Windows Kernel. The network attack vector (AV:N) without requiring authentication (PR:N) or user interaction (UI:N) makes this vulnerability particularly dangerous.
An attacker can execute arbitrary code with kernel privileges, which in practice means complete system takeover, violation of data confidentiality and integrity, and potential system unavailability.
Patches available from the vendor should be applied in accordance with references at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657
Windows systems with the vulnerable Windows Kernel component — versions indicated in vendor references (Microsoft Security Response Center).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 11 23h2
OSMicrosoft< 10.0.22631.7219Microsoft Windows 11 24h2
OSMicrosoft< 10.0.26100.8655Microsoft Windows 11 25h2
OSMicrosoft< 10.0.26200.8655Microsoft Windows 11 26h1
OSMicrosoft< 10.0.28000.2269Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.5256Microsoft Windows Server 2025
OSMicrosoft< 10.0.26100.32995
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Podatność typu tampering w Windows DHCP Server umożliwia nieautoryzowaną modyfikację danych
Stack-based buffer overflow w Windows DHCP Client — zdalne wykonanie kodu
Heap buffer overflow w Windows TCP/IP umożliwia privilege escalation przez sieć
RCE przez integer overflow w Windows HTTP.sys (CVE-2026-47291)