Windows Hyper-V Remote Code Execution Vulnerability
Plan Patch | CVSS 8.4 | CVE-2026-45641 | Jun 9, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
What this means
What could happen
An attacker with local access to a Windows server running Hyper-V could execute arbitrary code with system privileges, potentially taking control of virtualized OT systems or the host itself.
Who's at risk
Windows server administrators and utilities running Hyper-V for virtualization of OT systems (SCADA, PLC management, historian servers, engineering workstations). Also affects Windows 10 and 11 desktop systems with Hyper-V enabled in enterprise environments.
How it could be exploited
An attacker must first gain local access to a Windows machine with Hyper-V enabled. They can then exploit the out-of-bounds read vulnerability to execute arbitrary code with system privileges on the host or its virtual machines.
Prerequisites
- Local access to a Windows machine with Hyper-V role enabled
- No authentication required once local access is achieved
- Low complexity
- No authentication required for local exploitation
- Affects hypervisor controlling critical infrastructure VMs
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (10)
10 with fix
Product | Affected Versions | Fix Status
Remediation & Mitigation
Do now
HARDENING: Review and restrict local administrator access to Hyper-V hosts; ensure only authorized personnel can log in locally
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Windows Server 2022
HOTFIX: Apply Microsoft June 2026 security update or later to all Windows Server 2022, 2025 and Windows 10/11 systems running Hyper-V
Long-term hardening
HARDENING: If Hyper-V is not required, disable the Hyper-V role on non-virtualization servers
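A per-host audit of the three remediation items above, as an added PowerShell example (not part of the original advisory or of Microsoft's guidance). Assumptions: it runs elevated on the host being checked, and because the page gives no KB number, patch status is approximated by comparing the newest installed update's date with the advisory date.

```powershell
# Added example: report Hyper-V state, patch recency and local admins for one host.
# Assumption: cutoff is the advisory date (Jun 9, 2026). This is a date heuristic,
# not proof that the specific fix is installed; confirm against the vendor bulletin.
$PatchCutoff = [datetime]'2026-06-09'

function Test-HyperVEnabled {
    # Server SKUs expose the role via Get-WindowsFeature (ServerManager module);
    # Windows 10/11 clients use the optional-feature API instead.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        return [bool](Get-WindowsFeature -Name Hyper-V).Installed
    }
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All `
        -ErrorAction SilentlyContinue
    return ($null -ne $feature -and $feature.State -eq 'Enabled')
}

function Get-LatestUpdate {
    # Some entries have no parseable InstalledOn value; skip them.
    Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
}

function Get-LocalAdminNames {
    # Use the well-known SID so the lookup works on localized systems.
    try {
        (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).Name
    } catch {
        # Orphaned SIDs in the group can make the cmdlet fail; surface that.
        "lookup failed: $($_.Exception.Message)"
    }
}

$latest = Get-LatestUpdate
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    HyperVEnabled        = Test-HyperVEnabled
    LatestUpdate         = $latest.HotFixID
    LatestUpdateDate     = $latest.InstalledOn
    UpdatedSinceAdvisory = [bool]($latest -and $latest.InstalledOn -ge $PatchCutoff)
    LocalAdministrators  = (Get-LocalAdminNames) -join '; '
}
```

Hosts reporting HyperVEnabled as True and UpdatedSinceAdvisory as False are the ones to schedule first; hosts with Hyper-V enabled but no virtualization purpose are candidates for the long-term hardening item.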
CVEs (1)