Memory-Disclosure

CVE-2026-45736 is an uninitialized memory disclosure vulnerability affecting Microsoft products, potentially allowing an attacker to read sensitive information from process memory.

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors, allowing attackers to trigger out-of-bounds reads via crafted glTF/GLB files, leading to denial of service and potential memory disclosure.