VDB

GCVE-110-NCSC-2026-53

GCVE-110-NCSC-2026-53
Advisory PublishedCVSS 7.8/10
Vulnetix · Advisory published February 10, 2026
A type confusion vulnerability in the Desktop Window Manager allows authorized attackers to locally elevate their privileges, leading to potential local privilege escalation.

Weaknesses (CWE)

CWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-122Heap-based Buffer OverflowCWE-416Use After FreeCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-269Improper Privilege ManagementCWE-693Protection Mechanism FailureCWE-476NULL Pointer DereferenceCWE-287Improper AuthenticationCWE-73External Control of File Name or PathCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-284Improper Access ControlCWE-532Insertion of Sensitive Information into Log FileCWE-126Buffer Over-readCWE-822Untrusted Pointer DereferenceCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')

Risk Scores

CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›