CVE-2026-27923
Published: 14 April 2026
Summary
CVE-2026-27923 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 18.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-27923 is a use-after-free vulnerability (CWE-416) in the Desktop Window Manager, a core Windows component responsible for compositing windows and effects. Published on 2026-04-14T18:17:02.670, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite requiring local access.
A local attacker with low privileges (PR:L) can exploit this vulnerability through low-complexity techniques (AC:L) without user interaction (UI:N). Successful exploitation allows privilege escalation, enabling high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) within the local scope (S:U).
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27923 details available patches and mitigation recommendations for addressing this issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22472
Vulnerability details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in privileged Desktop Window Manager component directly enables local privilege escalation from low-privileged context (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly addresses the use-after-free vulnerability in Desktop Window Manager by applying Microsoft patches to eliminate the root cause.
Memory protection implements safeguards such as ASLR, DEP, and control flow guard to prevent exploitation of the use-after-free for code execution and privilege escalation.
Least privilege limits the scope and impact of privilege escalation from the Desktop Window Manager vulnerability by restricting unnecessary access rights.