High severity7.8NVD Advisory· Published Apr 14, 2026· Updated Apr 22, 2026

CVE-2026-27924

Description

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Microsoft/Windows 10 21h23 versions
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*+ 2 more
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*range: <10.0.19044.7184
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*range: <10.0.19044.7184
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*range: <10.0.19044.7184
Microsoft/Windows 10 22h23 versions
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*+ 2 more
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*range: <10.0.19045.7184
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*range: <10.0.19045.7184
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*range: <10.0.19045.7184
Microsoft/Windows 11 23h22 versions
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*+ 1 more
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*range: <10.0.22631.6936
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*range: <10.0.22631.6936
Microsoft/Windows Server 2022
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Range: <10.0.20348.5020
Microsoft/Windows Server 2022 23h2
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Range: <10.0.25398.2274

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.