cve 2026 20846

CVE-2026-20846 is a denial-of-service vulnerability in the Microsoft Graphics Component (GDI+). The security advisory indicates that specially crafted graphics input processed by GDI+ can cause affected processes to crash or become unstable. The primary operational risks involve systems that handle untrusted graphics data, such as upload-processing servers, email preview pipelines, and desktop preview or thumbnailing paths. Discussions on WindowsForum cover what to patch and how to harden systems against this vulnerability, including applying the latest Microsoft security updates and reviewing attack surface reduction rules for GDI+. The vulnerability is tracked on the Microsoft Security Response Center update guide.