Cyber Resilience

CVE-2022-26934

Medium · Updated

Published: 10 May 2022

Modified: 19 May 2026
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
EPSS Score: 0.1745 (95.2th percentile)
Risk Priority: 23 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26934 is a medium-severity vulnerability of an unspecified weakness type in Microsoft Windows 10 1507. Its CVSS base score is 6.5 (Medium).

Operationally, it is ranked in the top 4.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-26934 is an information disclosure vulnerability affecting the Windows Graphics Component. It received a CVSS 3.1 base score of 6.5 with the vector string AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating that sensitive data can be exposed under certain remote conditions without authentication.

An unauthenticated attacker can exploit the flaw over a network by convincing a user to interact with specially crafted content, resulting in the disclosure of high-value information from the affected system while integrity and availability remain unaffected.

Microsoft has published official guidance and remediation details for CVE-2022-26934 through its security update channels at the referenced MSRC pages. The EPSS score has remained flat at a peak of 0.1745 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

Windows Graphics Component Information Disclosure Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Version
microsoft | 365 apps | all versions
microsoft | office | 2019
microsoft | office long term servicing channel | 2021
microsoft | windows 10 1507 | ≤ 10.0.10240.19297 · ≤ 10.0.10240.19297
microsoft | windows 10 1607 | ≤ 10.0.14393.5125 · ≤ 10.0.14393.5125
microsoft | windows 10 1809 | 10.0.17763.2928 · ≤ 10.0.17763.2928
microsoft | windows 10 1909 | ≤ 10.0.18363.2274
microsoft | windows 10 20h2 | ≤ 10.0.19042.1706
microsoft | windows 10 21h1 | ≤ 10.0.19043.1706
microsoft | windows 10 21h2 | ≤ 10.0.19044.1706
+10 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References