High severity7.8NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-35421
CVE-2026-35421
Description
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35421nvdVendor Advisory
News mentions
5- May 2026 Patch Tuesday: no zero-days but plenty to fixMalwarebytes Labs · May 13, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilitiesCisco Talos Intelligence · May 12, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026
- May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEsCrowdStrike Blog