CVE-2026-45657 – Windows Kernel Remote Code Execution Vulnerability

CVE-2026-45657 is a Critical remote code execution vulnerability in the Windows Kernel caused by a use-after-free condition and heap-based buffer overflow. The flaw can be triggered remotely through specially crafted network traffic and does not require authentication, privileges, or user interaction. Successful exploitation could allow an attacker to execute arbitrary code with system-level privileges, potentially resulting in complete compromise of affected systems.

CVSS Score: 9.8
SEVERITY: Critical
THREAT:
This vulnerability presents a significant threat because it is remotely exploitable over the network. An attacker can send specially crafted network packets to a vulnerable system and trigger memory corruption within the Windows Kernel. Since no user action is required and no credentials are needed, exposed systems may be targeted directly. Successful exploitation could provide attackers with highly privileged code execution capabilities.

EXPLOITS:
Publicly Disclosed: No.
Exploited: No.
Exploitability Assessment: Exploitation Less Likely.
No public exploit code, proof-of-concept (PoC), or active zero-day exploitation is confirmed in the provided data. However, the vulnerability’s technical characteristics make it a high-value target for threat actors due to its network-based attack vector and lack of authentication requirements.

TECHNICAL SUMMARY:
CVE-2026-45657 is associated with CWE-416 (Use After Free) and CWE-122 (Heap-based Buffer Overflow) vulnerabilities within the Windows Kernel. A use-after-free condition occurs when software continues to access memory after it has been released, potentially allowing an attacker to manipulate memory contents and influence program execution. Combined with heap memory corruption, the flaw can enable arbitrary code execution within the kernel context. According to the provided information, specially crafted TCP/IP network traffic can trigger the vulnerability, causing the kernel to improperly process network data and execute attacker-controlled code. Because exploitation occurs in the kernel, successful attacks may result in complete system compromise.

EXPLOITABILITY:
Affected software includes:
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 26H1 for ARM64-based Systems
Windows 11 Version 26H1 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)
The vulnerability can be exploited remotely by sending specially crafted network traffic to vulnerable systems. No user interaction, authentication, or prior access is required.

BUSINESS IMPACT:
This vulnerability poses a substantial business risk because it can be exploited remotely without any assistance from users. A successful attack could enable complete system takeover, deployment of ransomware, theft of sensitive information, disruption of critical services, and lateral movement across enterprise environments. Internet-facing systems and critical servers are particularly exposed. The combination of kernel-level code execution, network accessibility, and the absence of authentication requirements significantly increases the potential operational and financial impact.

WORKAROUND:
No mitigations or workarounds are listed.
If immediate patching is not possible, organizations should reduce exposure by limiting unnecessary network access to affected systems, restricting inbound traffic where operationally feasible, and increasing monitoring for unusual network activity targeting Windows hosts.

URGENCY:
This vulnerability requires immediate attention due to its Critical severity, CVSS v3.1 score of 9.8, network attack vector, absence of required privileges, and lack of user interaction. Vulnerabilities with these characteristics are often among the most dangerous because attackers can target systems remotely and potentially gain system-level execution. Although active exploitation has not been reported, the potential impact of successful exploitation is severe enough to justify accelerated deployment of security updates.