CVE-2026-50380
Windows GDI+ Remote Code Execution Vulnerability
Description
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
In plain language
AI Act nowCVE-2026-50380 is a Windows bug that can let an attacker run code through Windows GDI+ when someone opens a specially crafted file; most small businesses should treat this as serious and update.
CVE-2026-50380 is a heap-based buffer overflow in Windows GDI+ that can be triggered by a user opening a specially crafted file, enabling remote code execution without any attacker authentication.
What to do now
- Check which affected Windows versions/build numbers you run on endpoints and servers (Windows 10/11 and Windows Server 2012–2025).
- Compare your build against the fixed versions and note any systems at or below the unfixed releases:
- Windows 10: fixed in 10.0.14393.9339, 10.0.17763.9020, 10.0.19044.7548, 10.0.19045.7548.
- Windows 11: fixed in 10.0.26100.8875, 10.0.26200.8875, 10.0.28000.2269.
- Windows Server 2012: fixed in 6.2.9200.26226.
- Windows Server 2012 R2: fixed in 6.3.9600.23291.
- Windows Server 2016: fixed in 10.0.14393.9339.
- Windows Server 2019: fixed in 10.0.17763.9020.
- Windows Server 2022: fixed in 10.0.20348.5386.
- Install the vendor security update for CVE-2026-50380 on every affected machine (workstations and servers) as soon as possible, starting with machines that open files from email or the internet.
- After updating, re-check the build number to confirm you are on a fixed version, and restart if your update process requires it.
- For devices that cannot be updated right away, reduce exposure by preventing users from opening unknown or externally sourced files (especially files delivered via email) until patching is complete.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:CScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-50380 and every CVE in our database. Create a free account — no credit card required.
Create Free Account