CVE-2026-20846

7.5 HIGH

📋 TL;DR

This vulnerability is a buffer over-read in Windows GDI+ that allows an unauthorized attacker to cause a denial of service over a network. It affects Windows systems with GDI+ components, potentially disrupting graphical operations and system stability.

💻 Affected Systems

Products:
  • Windows GDI+
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2016+, Other Windows versions with GDI+
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with GDI+ enabled and network-accessible services using GDI+ are vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or persistent denial of service affecting multiple systems in a network environment

🟠 Likely Case: Application crashes or temporary service disruption on affected Windows systems

🟢 If Mitigated: Minimal impact with proper network segmentation and endpoint protection

🌐 Internet-Facing: MEDIUM - Network-accessible but requires specific conditions to trigger
🏢 Internal Only: MEDIUM - Internal systems could be targeted via network shares or internal services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access and the ability to trigger the buffer over-read condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Network Segmentation (all platforms): Restrict network access to systems using GDI+ components

Disable Unnecessary Services (Windows): Disable network services that use GDI+ if not required

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy endpoint protection with memory protection features

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to GDI+

Check Version:

wmic os get caption, version, buildnumber

Verify Fix Applied:

Verify that the KB patch number from the Microsoft advisory is installed via 'wmic qfe list'

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in Event Viewer related to gdi32.dll or gdiplus.dll
  • Unexpected process terminations

Network Indicators:

  • Unusual network traffic to systems using GDI+ services
  • Multiple connection attempts to GDI+ related ports

SIEM Query:

(EventID=1000 OR EventID=1001) AND SourceName contains 'Application Error' AND (Message contains 'gdi32' OR Message contains 'gdiplus')
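The verification and log-indicator steps above can be run locally on a host with the following PowerShell script. It is an added example and not part of the Microsoft advisory or of this page's original content; the `$KbNumber` value is a placeholder that must be replaced with the KB from the advisory, and the `$Days` window and the regex on the event message are assumptions of this example. `Get-HotFix` queries the same `Win32_QuickFixEngineering` data as `wmic qfe list`, and `Get-WinEvent` reads the Application log entries (IDs 1000 and 1001) that the SIEM query looks for.

```powershell
# Added example: check patch status and look for GDI+ related application crashes.
# $KbNumber is a placeholder; replace it with the KB listed in the Microsoft advisory.
param(
    [string]$KbNumber = 'KB0000000',   # placeholder, not a real KB identifier
    [int]$Days = 7                     # assumed look-back window for crash events
)

# 1. Patch check: Get-HotFix is the PowerShell equivalent of 'wmic qfe list'.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $_.HotFixID -eq $KbNumber }
if ($installed) {
    Write-Output "$KbNumber is installed (InstalledOn: $($installed.InstalledOn))"
} else {
    Write-Output "$KbNumber NOT found; host may still be vulnerable"
}

# 2. Crash telemetry: Application Error (1000) and Windows Error Reporting (1001)
#    events whose message mentions gdiplus.dll or gdi32.dll, matching the SIEM query.
$filter = @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = (Get-Date).AddDays(-$Days)
}
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'gdiplus\.dll|gdi32\.dll' }

if (-not $crashes) {
    Write-Output "No GDI+ related crash events in the last $Days day(s)"
} else {
    $crashes |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'FaultingApp';    Expression = {
                if ($_.Message -match 'Faulting application name:\s*([^,]+)') { $Matches[1] } else { 'n/a' } } },
            @{ Name = 'FaultingModule'; Expression = {
                if ($_.Message -match 'Faulting module name:\s*([^,]+)') { $Matches[1] } else { 'n/a' } } } |
        Format-Table -AutoSize
}
```

The "Faulting application name" / "Faulting module name" fields are present in Event ID 1000 messages; for Event ID 1001 (Windows Error Reporting) the fields differ, so the script prints `n/a` there and relies on the raw message match instead. A single crash with `gdiplus.dll` as the faulting module is not proof of exploitation, only a trigger for closer review of the host and the network service that was processing input at the time.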
