Microsoft Windows Server 2019
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2019.
By the Year
In 2026 there have been 378 vulnerabilities in Microsoft Windows Server 2019 with an average score of 7.3 out of ten. Last year, in 2025 Windows Server 2019 had 685 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2019 in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.01.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 378 | 7.25 |
| 2025 | 685 | 7.24 |
| 2024 | 581 | 7.42 |
| 2023 | 548 | 7.50 |
| 2022 | 553 | 7.42 |
| 2021 | 469 | 7.40 |
| 2020 | 757 | 7.35 |
| 2019 | 454 | 7.29 |
| 2018 | 54 | 7.17 |
It may take a day or so for new Windows Server 2019 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2019 Security Vulnerabilities
Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42985
8.8 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Windows Deployment Services (WDS) Remote Code Execution
CVE-2026-42987
8.1 - High
- June 09, 2026
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44801
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44802
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42983
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: DHCP Client Service Remote Code Execution Vulnerability
CVE-2026-44815
9.8 - Critical
- June 09, 2026
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
Stack Overflow
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44799
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
CVE-2026-44805
5.5 - Medium
- June 09, 2026
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42992
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Winlogon Elevation of Privilege Vulnerability
CVE-2026-42989
7.8 - High
- June 09, 2026
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
insecure temporary file
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42991
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42977
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42979
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42978
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2026-42986
7.8 - High
- June 09, 2026
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-42984
7 - High
- June 09, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42970
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42973
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42969
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Use of Uninitialized Resource
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42971
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Telephony Server Information Disclosure Vulnerability
CVE-2026-42968
5.5 - Medium
- June 09, 2026
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Windows Hyper-V Information Disclosure Vulnerability
CVE-2026-42972
5.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-42912
7 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Kerberos Denial of Service Vulnerability
CVE-2026-42914
5.3 - Medium
- June 09, 2026
Windows Kerberos Denial of Service Vulnerability
Out-of-bounds Read
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-42911
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42916
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42909
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Race Condition
Jun 2026: NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42980
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Integer underflow
Jun 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-42908
7.5 - High
- June 09, 2026
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jun 2026: Windows Shell Information Disclosure Vulnerability
CVE-2026-42907
6.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42905
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-42837
7.8 - High
- June 09, 2026
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds Read
Jun 2026: Windows Kerberos Denial of Service Vulnerability
CVE-2026-42903
6.5 - Medium
- June 09, 2026
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
NULL Pointer Dereference
Jun 2026: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-42836
7 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-50507
6.8 - Medium
- June 09, 2026
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Missing Authentication for Critical Function
Jun 2026: HTTP.sys Denial of Service Vulnerability
CVE-2026-49160
7.5 - High
- June 09, 2026
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Jun 2026: Windows Media Remote Code Execution Vulnerability
CVE-2026-48574
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-47656
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-45658
7.8 - High
- June 09, 2026
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Authorization
Jun 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-45653
7 - High
- June 09, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jun 2026: Windows DHCP Client Information Disclosure Vulnerability
CVE-2026-45608
6.8 - Medium
- June 09, 2026
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-45637
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45638
7.8 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45603
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-45635
8.1 - High
- June 09, 2026
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Jun 2026: Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
CVE-2026-45602
9.1 - Critical
- June 09, 2026
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
Improper Handling of Values
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45596
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows NTFS Remote Code Execution Vulnerability
CVE-2026-45636
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2019 or by Microsoft? Click the Watch button to subscribe.
