CVE-2026-56189
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Description
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
In plain language
AI Act nowThis is a Windows flaw in Windows Media Foundation that can let an attacker run malicious code on your device when they can get the vulnerable component to be used—so you should update, especially on machines used for lots of user content or media.
CVE-2026-56189 is a heap-based buffer overflow (CWE-122) in Microsoft Windows Media Foundation that can lead to local remote code execution without authentication, but it requires user interaction to reach the vulnerable code path.
What to do now
- Check which exact Windows version/build each affected device is running (including whether it’s Windows 10/11 or a Windows Server release).
- Update every affected device to the fixed version for your specific Windows branch: 10.0.14393.9339, 10.0.17763.9020, 10.0.19044.7548, 10.0.19045.7548, 10.0.26100.8875, 10.0.26200.8875, 10.0.28000.2525, 6.2.9200.26226, 6.3.9600.23291, 10.0.20348.5386.
- If you can’t patch right away, temporarily limit exposure of users to untrusted media/content that would trigger Windows Media Foundation (for example, reduce opening unknown files or media from email, chat, or the web on the affected devices) until updates are applied.
- Confirm after updating that the same CVE remains absent by re-checking the OS build and verifying the Windows Update installation succeeded.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-56189 and every CVE in our database. Create a free account — no credit card required.
Create Free Account