anonhaven
Ad

CVE-2026-26154

HIGH CVSS 3.1: 7.5
Updated Apr 17, 2026
Parameter Value
CVSS 7.5 (HIGH)
Type CWE-20 (Improper Input Validation)
Public PoC No

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-20 Improper Input Validation

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154
secure@microsoft.com
Share Post Share Share Share