Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
AnalysisAI
Improper authentication in Windows Active Directory enables local spoofing attacks on unauthenticated users, allowing attackers with local access to bypass authentication mechanisms and gain unauthorized access to sensitive information. This vulnerability affects multiple Windows 10 and Windows 11 versions as well as Windows Server 2016 through 2025. A vendor-released patch is available from Microsoft, and the moderate CVSS score (6.2) reflects the local attack vector requirement combined with high confidentiality impact.
Technical ContextAI
This vulnerability exists in Windows Active Directory authentication logic, classified under CWE-287 (Improper Authentication). The root cause involves inadequate validation of authentication credentials or identity verification at the local system level, enabling spoofing attacks. The Local attack vector (AV:L) indicates the attacker must have local system access to exploit the flaw. The lack of privilege requirement (PR:N) combined with local access means any local user can trigger the vulnerability. The vulnerability does not require user interaction (UI:N), making exploitation straightforward once local access is established. The high confidentiality impact (C:H) but no integrity or availability impact suggests sensitive data can be read through spoofed identities without modification or denial of service.
RemediationAI
Vendor-released patch available from Microsoft. Update Windows systems to the following minimum build versions to remediate: Windows 10 Version 1607 to build 14393.9060 or later, Windows 10 Version 1809 to build 17763.8644 or later, Windows 10 Version 21H2 to build 19044.7184 or later, Windows 10 Version 22H2 to build 19045.7184 or later, Windows 11 Version 22H3 to build 22631.6936 or later, Windows 11 Version 23H2 to build 22631.6936 or later, Windows 11 Version 24H2 to build 26100.32690 or later, Windows 11 Version 25H2 to build 26200.8246 or later, Windows 11 Version 26H1 to build 28000.1836 or later, Windows Server 2016 to build 14393.9060 or later, Windows Server 2019 to build 17763.8644 or later, Windows Server 2022 to build 20348.5020 or later (or 25398.2274 for 23H2 Edition), and Windows Server 2025 to build 26100.32690 or later. Patches are available through Windows Update and Microsoft Update Catalog. No workarounds are documented; patching is the primary remediation path. Organizations should prioritize updates for domain controllers and server systems first, then client systems. See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32072 for detailed deployment guidance.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22497