cve-2026-34347

CVE-2026-34347 is an Important-rated Windows Win32k elevation-of-privilege vulnerability disclosed by Microsoft on May 12, 2026. The flaw is a use-after-free bug in the Win32K graphics subsystem that allows a local, authenticated attacker to gain SYSTEM privileges after winning a race condition. While Microsoft reported that the vulnerability was not publicly disclosed or exploited at the time of publication, it resides in a local Windows attack surface that can turn an initial foothold into full machine control. This tag covers discussions about the vulnerability's technical details, patch urgency, and mitigation strategies for administrators.