anonhaven
Ad

CVE-2026-33826

HIGH CVSS 3.1: 8.0
Updated Apr 17, 2026
Microsoft
Parameter Value
CVSS 8.0 (HIGH)
Affected Versions before 10.0.26100.32690
Fixed In 10.0.14393.9060
Type CWE-20 (Improper Input Validation)
Vendor Microsoft
Public PoC No

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

Attack Parameters

Attack Vector
Adjacent
Requires local network access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-20 Improper Input Validation

Vulnerable Products 6

Configuration From (including) Up to (excluding)
Microsoft Windows_Server_2012
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Windows_Server_2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
 10.0.14393.9060
Microsoft Windows_Server_2019
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
 10.0.17763.8644
Microsoft Windows_Server_2022
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
 10.0.20348.5020
Microsoft Windows_Server_2022_23h2
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
 10.0.25398.2274
Microsoft Windows_Server_2025
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
 10.0.26100.32690

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826
secure@microsoft.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33829

Microsoft

4.3

CVE-2026-33827

Microsoft

8.1

CVE-2026-33824

Microsoft

9.8

CVE-2026-33104

Microsoft

7.0

CVE-2026-33101

Microsoft

7.8