What is CVE-2026-45586?

CVE-2026-45586 is a high-severity vulnerability in Microsoft Windows_10_1607, classified under Improper Link Resolution Before File Access. CVSS score: 7.8/10. Published 2026-06-09.

How severe is CVE-2026-45586?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Microsoft Windows_10_1607

CVE-2026-45586

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Windows_10_1607
Microsoft Windows_10_1809
Microsoft Windows_10_21h2
Microsoft Windows_10_22h2
Microsoft Windows_11_23h2
Microsoft Windows_11_24h2
Microsoft Windows_11_25h2
Microsoft Windows_11_26h1
Microsoft Windows_server_2012 — versions r2
Microsoft Windows_server_2016

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

secure@microsoft.com (Vendor Advisory)

Frequently asked questions

What is CVE-2026-45586?: CVE-2026-45586 is a high-severity vulnerability in Microsoft Windows_10_1607, classified under Improper Link Resolution Before File Access. CVSS score: 7.8/10. Published 2026-06-09.
How severe is CVE-2026-45586?: High severity. CVSS v3 base score is 7.8 out of 10.