June 2026 brought the largest Patch Tuesday in Microsoft’s history: 206 vulnerabilities fixed, 32 marked critical. Buried in that volume sits the part that demands attention if you run virtualization. Three remote code execution flaws in Windows Hyper-V let an attacker break out of a guest virtual machine and run code on the server hosting it.
What the flaws are
Three separate CVEs share the same pattern: CVE-2026-45607 (CVSS 8.4), CVE-2026-45641 (CVSS 8.4) and CVE-2026-47652 (CVSS 8.2). Cisco Talos classifies them as critical remote code execution in Hyper-V, and all three stem from out-of-bounds reads.
The mechanism is what worries anyone managing shared hosts. Per Microsoft’s description, an authenticated attacker inside a guest VM sends specially crafted file operation requests to hardware resources within that VM. Those requests reach Hyper-V code on the host, trigger an out-of-bounds read, and end up allowing code execution on the host server. That is a guest-to-host escape: the boundary that should keep a VM isolated from the system around it stops doing its job.
Alongside those three, CVE-2026-42972 is an information disclosure flaw in Hyper-V that exposes host memory content. On its own it is lower severity, but chained with an out-of-bounds read it can hand an attacker the memory addresses needed to refine an exploit.
Who it affects
Any Windows Hyper-V deployment, on both client and supported server editions. The real exposure sits wherever guest-to-host isolation is the main line of defense: hosting providers running multiple tenants’ VMs on the same machine, corporate virtualization estates, and labs that run untrusted code inside VMs. If your Hyper-V surface is limited to internal, trusted guests, the risk drops, but the patch is still mandatory.
Some context on severity: Microsoft rated these three RCEs as “less likely” to be exploited. That lowers the urgency compared with an active zero-day, but it does not remove it. A guest-to-host escape is among the worst outcomes in virtualization, and the fact that it needs only an authenticated account on the VM puts it within reach of anyone who already has a foothold inside.
Mitigation
There is no real workaround here. The fix is to apply the June 2026 updates. If you manage Windows Server hosts with the Hyper-V role, prioritize rolling out the patch on the hosts above anything else in the cycle. In the meantime, review which VMs run untrusted workloads and limit who holds credentials inside the guests, since the attack starts from authenticated access to the virtual machine.
Cisco Talos published Snort rules to detect exploitation attempts (Snort 2: 66572-66577 and others; Snort 3: 301523-301525 onward). If you run IPS/IDS, updating the ruleset adds a detection layer while you finish patching.
These flaws shipped in the same cycle as the record CVE count of the June 2026 Patch Tuesday, which also included a critical RCE in the Windows kernel.