Skip to main content

Microsoft CVE-2026-27912

| EUVDEUVD-2026-22453 HIGH
Improper Authorization (CWE-285)
2026-04-14 microsoft
8.0
CVSS 3.1 · NVD
Temporal: 7.0
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.0 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:29 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22453
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 8.0

DescriptionCVE.org

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

AnalysisAI

Windows Kerberos authorization bypass enables authenticated attackers on adjacent networks to escalate privileges to high integrity levels across Windows Server 2012 through 2025. The flaw affects both desktop experience and Server Core installations. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of user interaction (UI:N) suggest straightforward exploitation once adjacent network access is achieved.

Technical ContextAI

This vulnerability exploits improper authorization enforcement (CWE-285) within the Windows Kerberos implementation, the default authentication protocol for Active Directory environments. Kerberos relies on ticket-granting services and authorization data embedded in service tickets to enforce access controls. The authorization flaw allows an attacker with low-privilege credentials to manipulate or bypass authorization checks during the Kerberos authentication process, potentially forging privileged access tokens or obtaining unauthorized service tickets. The adjacent network attack vector (AV:A) indicates the attacker must be on the same network segment as the target, typical in domain environments where Kerberos traffic occurs. All Windows Server versions from 2012 through 2025 are affected, including Server Core installations which are commonly deployed in enterprise infrastructure for reduced attack surface. The scope remains unchanged (S:U), meaning the vulnerability does not allow breaking out of the immediate security context, but achieves complete compromise within that context (C:H/I:H/A:H).

RemediationAI

Apply vendor-released security updates immediately, prioritizing domain controllers and authentication infrastructure. Patched versions include Windows Server 2012 6.2.9200.26026 or later, Windows Server 2012 R2 6.3.9600.23132 or later, Windows Server 2016 10.0.14393.9060 or later, Windows Server 2019 10.0.17763.8644 or later, Windows Server 2022 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition 10.0.25398.2274 or later, and Windows Server 2025 10.0.26100.32690 or later. Download patches through Microsoft Update Catalog or WSUS. Given the Kerberos authentication impact, test patches in non-production domain controllers before enterprise-wide deployment to avoid authentication disruptions. Implement network segmentation to limit adjacent network access to authentication servers, enforce least-privilege access controls to reduce the pool of potential authenticated attackers, and monitor Kerberos traffic for anomalous ticket requests or authorization patterns. Complete remediation guidance is available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912.

Share

CVE-2026-27912 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy