CVE-2026-32155
Published: 14 April 2026
Summary
CVE-2026-32155 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 15.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates the use-after-free vulnerability in Desktop Window Manager by requiring timely remediation through application of Microsoft's patches.
- SI-16 (Memory Protection): Implements memory protection safeguards such as DEP and ASLR that make unauthorized code execution from use-after-free exploits in core components like DWM substantially harder.
- Least privilege: Enforces least privilege on local low-privileged accounts, reducing the attack surface available for triggering the privilege escalation vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Use-after-free in Desktop Window Manager enables local memory corruption leading to code execution with elevated privileges, directly mapping to T1068 Exploitation for Privilege Escalation.
NVD Description
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Deeper analysis
CVE-2026-32155 is a use-after-free vulnerability (CWE-416) in the Desktop Window Manager, a core Windows component responsible for compositing windows and rendering the desktop environment. Published on 2026-04-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite requiring local access.
The vulnerability can be exploited by an authorized local attacker holding low privileges. Exploitation is low-complexity and requires no user interaction, allowing the attacker to trigger the use-after-free condition in Desktop Window Manager. Successful exploitation yields privilege escalation with high impact on confidentiality, integrity, and availability, such as code execution at an elevated privilege level.
Microsoft's advisory provides guidance on mitigation through the update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32155.
Details
- CWE(s): CWE-416 (Use After Free)