Microsoft Windows up to 10.0.17763.8755 Narrator Braille untrusted search path

Summaryinfo

A vulnerability classified as critical was found in Microsoft Windows. This vulnerability affects unknown code of the component Narrator Braille. The manipulation results in untrusted search path. This vulnerability was named CVE-2026-48565. The attack needs to be approached locally. There is no available exploit. Applying a patch is advised to resolve this issue.

Detailsinfo

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Narrator Braille. The manipulation with an unknown input leads to a untrusted search path vulnerability. CWE is classifying the issue as CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was presented 06/09/2026 as confirmed security update guide (Website). The advisory is shared for download at msrc.microsoft.com. This vulnerability is traded as CVE-2026-48565. The exploitability is told to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 06/09/2026). The MITRE ATT&CK project declares the attack technique as T1574.

Upgrading to version 10.0.17763.8880 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Operating System

Vendor

• Microsoft

Name

• Windows

Version

• 0.72.0.0
• 1
• 1.000
• 1.1.3520.0
• 1.1.6603.0
• 1.2.7214.0
• 1.3
• 2.0.1070.0
• 2.0.1193.0
• 2.1
• 2.6
• 2.6.2.6
• 2.6.4
• 2.6.5.16
• 3.1.4000.1823
• 3.11
• 4.0
• 4.0 SP1
• 4.0 SP2
• 4.0 SP3
• 4.0 SP5
• 4.0 SP6
• 4.1
• 4.2.223.0
• 5
• 5.0
• 5.1
• 6.0
• 6.0.2900.2180
• 6.00.2900.5512
• 6.1.7600
• 6.2.9200.26026
• 6.2.9200.26132
• 6.3
• 6.3.9600.23132
• 6.3.9600.23228
• 6.4
• 7
• 7 SP1
• 7 SP 1
• 7.0
• 7.1
• 7.5
• 8
• 8.0
• 8.00.00.4477
• 8.1
• 9
• 9.0
• 10
• 10 20H2
• 10 21H1
• 10 21H2
• 10 22H2
• 10 1507
• 10 1511
• 10 1606
• 10 1607
• 10 1703
• 10 1709
• 10 1803
• 10 1809
• 10 1903
• 10 1909
• 10 2004
• 10 HLK version 20H2
• 10 HLK version 21H1
• 10 HLK version 21H2
• 10 HLK Version 22H2
• 10 Mobile
• 10 Version 1809 for 32-bit Systems
• 10.0.14393.9060
• 10.0.14393.9234
• 10.0.17763.8644
• 10.0.17763.8755

License

• commercial

Website

• Vendor: https://www.microsoft.com/
• Product: https://www.microsoft.com/en-us/windows

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion