Is Null Pointer Dereference affected by CVE-2026-32071?

CVE-2026-32071 is a high-severity remote denial-of-service vulnerability affecting Windows 10, Windows 11, and Windows Server (2016-2025) that allows unauthenticated attackers to crash systems over the network.

CVE-2026-32071

EUVD-2026-22496 HIGH

2026-04-14 microsoft

GHSA-mfwr-mq7p-278f

Denial Of Service Null Pointer Dereference Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 22H3 Windows 11 Version 23H2 Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 Windows Server 2016 Windows Server 2016 Server Core Installation Windows Server 2019 Windows Server 2019 Server Core Installation Windows Server 2022 Windows Server 2022 23H2 Edition Server Core Installation Windows Server 2025 Windows Server 2025 Server Core Installation

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 19:17 vuln.today

DescriptionNVD

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

AnalysisAI

Remote denial-of-service in Windows Local Security Authority Subsystem Service (LSASS) allows unauthenticated network attackers to crash Windows systems through null pointer dereference exploitation. Affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025) across multiple release channels. …

RemediationAI

Within 24 hours: Inventory all Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025) systems in production and development environments. Within 7 days: Apply Microsoft vendor patch to all identified systems, prioritizing internet-facing and critical infrastructure servers first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32071 vulnerability details – vuln.today

Back

CVE-2026-32071

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code