CVE-2026-45594

Summary

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.9234affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.8880affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.7417affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.7417affected
MicrosoftWindows 11 version 23H210.0.22631.0 < 10.0.22631.7219affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.7219affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.8655affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.8655affected
MicrosoftWindows 11 version 26H110.0.28000.0 < 10.0.28000.2269affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.9234affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.9234affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.8880affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.8880affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.5256affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.32995affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.32995affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References