Cyber Resilience

CVE-2026-32221

High

Published: 14 April 2026

Published
14 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0029 20.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32221 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32221 is a heap-based buffer overflow vulnerability (CWE-122) in the Microsoft Graphics Component. This flaw allows an unauthorized attacker to execute code locally and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability with low complexity and no privileges required.

A local attacker can exploit this vulnerability without user interaction by triggering the buffer overflow in the Microsoft Graphics Component. Successful exploitation enables arbitrary code execution in the context of the affected component, potentially leading to full system compromise given the high impact ratings across all security principles.

The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32221 provides details on patches and mitigation guidance for this vulnerability, published on 2026-04-14.

EU & UK References

Vulnerability details

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Heap buffer overflow in local Microsoft Graphics Component enables arbitrary code execution with no privileges or user interaction required (AV:L/PR:N/UI:N), directly mapping to exploitation for privilege escalation and potential full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24283Same product: Microsoft Windows 11 24H2
CVE-2026-42896Same product: Microsoft Windows 11 24H2
CVE-2026-21245Same product: Microsoft Windows 11 24H2
CVE-2026-32222Same product: Microsoft Windows 11 24H2
CVE-2026-33840Same product: Microsoft Windows 11 24H2
CVE-2026-25167Same product: Microsoft Windows 11 24H2
CVE-2026-40369Same product: Microsoft Windows 11 24H2
CVE-2026-33841Same product: Microsoft Windows 11 24H2
CVE-2026-33101Same product: Microsoft Windows 11 24H2
CVE-2026-26176Same product: Microsoft Windows 11 24H2

Affected Assets

microsoft
windows 11 24h2
≤ 10.0.26100.8246 · ≤ 10.0.26100.8246
microsoft
windows 11 25h2
≤ 10.0.26200.8246 · ≤ 10.0.26200.8246
microsoft
windows 11 26h1
≤ 10.0.28000.1836 · ≤ 10.0.28000.1836
microsoft
windows server 2025
≤ 10.0.26100.32690

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, prioritization, and timely remediation of the heap-based buffer overflow vulnerability in the Microsoft Graphics Component via patching.

prevent

Implements memory protections such as DEP, ASLR, and stack canaries to prevent exploitation of the heap-based buffer overflow for arbitrary code execution.

prevent

Validates and sanitizes inputs processed by the Microsoft Graphics Component to mitigate buffer overflows triggered by malformed graphics data.

References