The Circuitry
THE CIRCUITRYYour one-stop source for all tech news
HOMETODAYNEWSFEEDEVENTS
BOOKMARKS
RSS
© 2026 The Circuitry
About UsSourcesContactCorrectionsPrivacy
  • Today
  • Feed
  • Events
  • Saved
Scroll for more
Verification
VERIFIEDConfidence: HIGH
Source identified
Claims cross-referenced
No discrepancies found
Fact-check summary

Talos Intelligence, Zero Day Initiative, and BleepingComputer corroborate the CVE-2026-50380 Windows GDI+ RCE flaw patched in July 2026 Patch Tuesday.

Sourcing
3independent sources

via NVD

Home/Tech/Critical RCE Flaw in Windows GDI+ Carries 9.6 CVSS Score
VERIFIEDBy Xavier Rivera· ·1.5 min read

Critical RCE Flaw in Windows GDI+ Carries 9.6 CVSS Score

Microsoft disclosed CVE-2026-50380, a critical heap-based buffer overflow in Windows GDI+ that enables remote code execution over a network with a 9.6 CVSS score. The flaw affects numerous Windows 10 and 11 releases and is being patched as part of the July 2026 Patch Tuesday.

Source:NVD
Post
TL;DRAI · 60 sec read

Microsoft disclosed CVE-2026-50380, a critical remote code execution vulnerability in Windows GDI+. The heap-based buffer overflow has a CVSS score of 9.6 and affects several Windows 10 and Windows 11 versions. Patches are available in the July 2026 Patch Tuesday release and no exploitation is known.

Microsoft has disclosed a heap-based buffer overflow vulnerability in Windows GDI+ that allows an unauthorized attacker to execute code over a network.

Microsoft rates the vulnerability as critical. The flaw, tracked as CVE-2026-50380, carries a CVSS base score of 9.6 under version 3.1 with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. It was received by the NVD from Microsoft on July 14, 2026.
Zero Day Initiative explicitly labels the issue a Windows GDI+ Remote Code Execution Vulnerability and states there is no known exploitation in the wild.

The vulnerability affects multiple versions of Windows 10 and Windows 11. Impacted releases include Windows 10 Version 1607 before build 10.0.14393.9339, Windows 10 Version 1809 before 10.0.17763.9020, Windows 10 Version 21H2 before 10.0.19044.7548, and Windows 10 Version 22H2 before 10.0.19045.7548.
From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →
Windows 11 builds are also exposed. Affected editions encompass Windows 11 Version 24H2 before 10.0.26100.8875, Windows 11 Version 25H2 before 10.0.26200.8875, and Windows 11 version 26H1 before 10.0.28000.2269. The weakness is classified as CWE-122, heap-based buffer overflow.

Talos Intelligence lists CVE-2026-50380 among critical remote code execution vulnerabilities addressed in the July 2026 Patch Tuesday for both Windows GDI+ and GDI. It is grouped with CVE-2026-49796 and CVE-2026-54122. Zero Day Initiative explicitly labels the issue a Windows GDI+ Remote Code Execution Vulnerability and states there is no known exploitation in the wild.
Patches are available through Microsoft’s update channels. Administrators should apply the July 2026 security updates immediately to affected systems running the listed Windows 10 and Windows 11 versions. The NVD record remains marked for further enrichment as additional details become available.

EXPERT TAKE

Enterprise security teams should prioritize this Patch Tuesday release, as the network-attack vector and high impact score make it a prime target for opportunistic threat actors.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported
DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE
From The Circuitry

See what’s happening right now

The Feed runs all day — short, verified briefs the moment they break.

Open the Feed →
From The Circuitry

Follow @thecircuitry_

Every story we publish, as it happens. No noise between.

Follow on X ↗On Bluesky ↗

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee
WindowsSecurityVulnerability
More inTech
  • IBM Issues Rare Mid-Quarter Warning on AI Memory Shortage

    Tech · 2h
  • Microsoft to cut 605 jobs in Redmond

    Tech · 3h
  • Microsoft Secure Boot bypassed for 13 years via unrevoked shims

    Tech · 3h
SupportThe Work

The Circuitry is reader-supported. If you find the daily brief useful, you can buy me a coffee to keep it going.

Buy a coffee →
SubscribeCircuitry Brief

Daily brief at 7 AM ET. Top tech stories, every morning.

MORE IN TECH

IBM Issues Rare Mid-Quarter Warning on AI Memory Shortage

IBM issued a rare mid-quarter warning that triggered its sharpest single-day stock decline in 115 years on Tuesday, with CEO Arvind Krishna citing an AI-driven global memory shortage shifting enterprise budgets from software to hardware. The change could unsettle vendors beyond IBM as corporate spending prioritizes supply-constrained components.

Microsoft to cut 605 jobs in Redmond

Microsoft has filed notice to permanently lay off 605 workers at its Redmond headquarters effective September 4, 2026. Axios notes 493 Redmond + other WA sites for the 605 total. The cuts are part of a sweeping Xbox gaming division restructure inside a global plan targeting approximately 3,200 roles in FY2027.

Microsoft Secure Boot bypassed for 13 years via unrevoked shims

ESET researchers found that 11 defective Microsoft-signed shims allowed trivial bypasses of UEFI Secure Boot for 13 years until revocation in the June 2026 Patch Tuesday update. The flaw affects Windows and Linux devices alike and enables persistent bootkit installation with minimal attacker effort.