CVE-2026-58633
Desktop Window Manager Elevation of Privilege Vulnerability
Description
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
In plain language
AI Act nowCVE-2026-58633 is a Windows 11 bug that can let someone using a low-privilege account gain higher access on your computer; this is a serious local security issue, so you should update if you are running Windows 11.
CVE-2026-58633 is a local use-after-free privilege escalation in Windows 11’s Desktop Window Manager (CWE-416), allowing a low-privilege user to elevate their privileges without user interaction.
What to do now
- Check whether your business PCs run Windows 11 and confirm they are not on the affected build.
- Apply the Microsoft fix for CVE-2026-58633 on Windows 11; the fixed version is 10.0.28000.2525.
- After updating, verify Windows is fully patched (Windows Update installed successfully) and restart the affected machines.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-58633 and every CVE in our database. Create a free account — no credit card required.
Create Free Account