CVE-2026-57087 – Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVSS 8.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“A single malicious media file can give attackers the opportunity to run harmful code and put an entire system at risk.”

Microsoft Windows Media Foundation contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code over a network. Although user interaction is required, such as opening a specially crafted media file, successful exploitation can enable attackers to run arbitrary code with the privileges of the current user. This could lead to full system compromise, data theft, or malware deployment.

CVSS Score: 8.8

SEVERITY: Critical

THREAT:
This vulnerability affects Microsoft Windows Media Foundation and can be exploited by delivering specially crafted media content to a target user. If the vulnerable component processes the malicious file, an attacker may execute arbitrary code, potentially gaining control of the affected system.

EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and there is no confirmation of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in Microsoft Windows Media Foundation. Improper handling of specially crafted media content can corrupt heap memory and allow arbitrary code execution. The CVSS v3.1 metrics identify a network attack vector, low attack complexity, no privileges required, and user interaction required. Successful exploitation results in high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected products include supported editions of Windows 10 versions 1607, 1809, 21H2, and 22H2, Windows 11 versions 24H2, 25H2, and 26H1, and Windows Server 2016, 2019, 2022, and 2025, including affected Server Core installations. Exploitation requires a user to open or otherwise process specially crafted malicious media content.

BUSINESS IMPACT:
A successful attack could allow threat actors to execute malicious code, steal sensitive information, deploy ransomware or malware, and use compromised systems as a foothold for further attacks within the enterprise. The broad range of affected Windows platforms increases the potential organizational impact.

WORKAROUND:
No mitigations or workarounds are available.

URGENCY:
This vulnerability should be prioritized because it is rated Critical with a CVSS v3.1 Base Score of 8.8. Its network attack vector, low attack complexity, and potential for arbitrary code execution make it a significant security risk despite requiring user interaction.

Key Details

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-122
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.