CVE-2026-34329
High
Published: 12 May 2026
Modified: 14 May 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (36.7th percentile)
Summary
CVE-2026-34329 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE is ranked at the 36.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29588
Vulnerability details
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
T1210 · Exploitation of Remote Services · Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?
Heap buffer overflow enables remote code execution by exploiting the MSMQ service over the network.
Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
CVEs Like This One
- CVE-2025-21306 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21200 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21282 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21250 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21236 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21286 (Same product: Microsoft Windows 10 1607)
- CVE-2025-24051 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21252 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21223 (Same product: Microsoft Windows 10 1607)
- CVE-2025-21248 (Same product: Microsoft Windows 10 1607)
Affected Assets
- microsoft windows 10 1607: ≤ 10.0.14393.9140 · ≤ 10.0.14393.9140
- microsoft windows 10 1809: ≤ 10.0.17763.8755 · ≤ 10.0.17763.8755
- microsoft windows 10 21h2: ≤ 10.0.19044.7291 · ≤ 10.0.19044.7291 · ≤ 10.0.19044.7291
- microsoft windows 10 22h2: ≤ 10.0.19045.7291 · ≤ 10.0.19045.7291 · ≤ 10.0.19045.7291
- microsoft windows 11 23h2: ≤ 10.0.22631.7079 · ≤ 10.0.22631.7079
- microsoft windows 11 24h2: ≤ 10.0.26100.8390 · ≤ 10.0.26100.8390
- microsoft windows 11 25h2: ≤ 10.0.26200.8390 · ≤ 10.0.26200.8390
- microsoft windows 11 26h1: ≤ 10.0.28000.2113 · ≤ 10.0.28000.2113
- microsoft windows server 2012: all versions, r2
- microsoft windows server 2016: ≤ 10.0.14393.9140
+4 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.