CVE-2026-49796
Windows GDI+ Remote Code Execution Vulnerability
Description
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
In plain language
AI Act nowThis is a Windows bug where specially crafted content can make Windows GDI+ crash or run code on your PC when you interact with it; if you’re using the listed Windows versions and handle documents/images from others, you should act to update.
CVE-2026-49796 is a heap-based buffer overflow in Windows GDI+ that can be triggered via user interaction with specially crafted content, leading to local arbitrary code execution on affected Windows 10/11 and Windows Server versions without needing authentication.
What to do now
- Check whether your organization runs any of these systems: Windows 10, Windows 11, and Windows Server 2012/2012 R2/2016/2019/2022/2025.
- For each affected system, determine the exact Windows build/version number.
- Update Windows to the fixed version for your platform branch (see the “fixed in” versions below) and reboot if your update process requires it.
- If you cannot update immediately, reduce risk by preventing users from opening unknown or unsolicited files/images and blocking external content downloads where possible.
- After updating, monitor for abnormal crashes and new suspicious activity on endpoints that handled external content.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-49796 and every CVE in our database. Create a free account — no credit card required.
Create Free Account