Skip to main content

Microsoft CVE-2026-32072

| EUVDEUVD-2026-22497 MEDIUM
Improper Authentication (CWE-287)
2026-04-14 microsoft
6.2
CVSS 3.1 · NVD
Temporal: 5.4
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
5.4 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:42 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22497
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
MEDIUM 6.2

DescriptionCVE.org

Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

AnalysisAI

Improper authentication in Windows Active Directory enables local spoofing attacks on unauthenticated users, allowing attackers with local access to bypass authentication mechanisms and gain unauthorized access to sensitive information. This vulnerability affects multiple Windows 10 and Windows 11 versions as well as Windows Server 2016 through 2025. A vendor-released patch is available from Microsoft, and the moderate CVSS score (6.2) reflects the local attack vector requirement combined with high confidentiality impact.

Technical ContextAI

This vulnerability exists in Windows Active Directory authentication logic, classified under CWE-287 (Improper Authentication). The root cause involves inadequate validation of authentication credentials or identity verification at the local system level, enabling spoofing attacks. The Local attack vector (AV:L) indicates the attacker must have local system access to exploit the flaw. The lack of privilege requirement (PR:N) combined with local access means any local user can trigger the vulnerability. The vulnerability does not require user interaction (UI:N), making exploitation straightforward once local access is established. The high confidentiality impact (C:H) but no integrity or availability impact suggests sensitive data can be read through spoofed identities without modification or denial of service.

RemediationAI

Vendor-released patch available from Microsoft. Update Windows systems to the following minimum build versions to remediate: Windows 10 Version 1607 to build 14393.9060 or later, Windows 10 Version 1809 to build 17763.8644 or later, Windows 10 Version 21H2 to build 19044.7184 or later, Windows 10 Version 22H2 to build 19045.7184 or later, Windows 11 Version 22H3 to build 22631.6936 or later, Windows 11 Version 23H2 to build 22631.6936 or later, Windows 11 Version 24H2 to build 26100.32690 or later, Windows 11 Version 25H2 to build 26200.8246 or later, Windows 11 Version 26H1 to build 28000.1836 or later, Windows Server 2016 to build 14393.9060 or later, Windows Server 2019 to build 17763.8644 or later, Windows Server 2022 to build 20348.5020 or later (or 25398.2274 for 23H2 Edition), and Windows Server 2025 to build 26100.32690 or later. Patches are available through Windows Update and Microsoft Update Catalog. No workarounds are documented; patching is the primary remediation path. Organizations should prioritize updates for domain controllers and server systems first, then client systems. See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32072 for detailed deployment guidance.

Share

CVE-2026-32072 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy