Skip to main content

Microsoft CVE-2026-32084

| EUVDEUVD-2026-22516 MEDIUM
Information Exposure (CWE-200)
2026-04-14 microsoft
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:42 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22516
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
MEDIUM 5.5

DescriptionCVE.org

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

AnalysisAI

Windows File Explorer exposes sensitive information to authenticated local users with low privileges, allowing them to read confidential data without modification or service disruption. This affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2012 through 2025. Microsoft has released patches addressing the information disclosure vector; exploitation requires local system access and valid user credentials.

Technical ContextAI

The vulnerability resides in Windows File Explorer's handling of sensitive data, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The flaw allows authenticated users with limited privileges to bypass information access controls and read files or data they should not have permission to view. This is a local attack vector affecting the Windows shell and file management subsystem across numerous versions and editions, including Server Core installations. The CVSS vector (AV:L/AC:L/PR:L) indicates the attack requires local access to the system and valid user credentials, with low attack complexity, meaning no special conditions are needed to exploit once access is established.

RemediationAI

Apply Microsoft-released patches immediately. For Windows 10 Version 1607, patch to build 14393.9060 or later; for Version 1809, 17763.8644 or later; for Version 21H2, 19044.7184 or later; for Version 22H2, 19045.7184 or later. For Windows 11 Version 22H3 and 23H2, patch to build 22631.6936 or later; for Version 24H2, 26100.32690 or later; for Version 25H2, 26200.8246 or later; for Version 26H1, 28000.1836 or later. Windows Server 2012 and R2 require build 9200.26026 and 9600.23132 respectively; Server 2016 requires 14393.9060; Server 2019 requires 17763.8644; Server 2022 requires 20348.5020; Server 2025 requires 26100.32690. Patches are available via Windows Update and the MSRC portal at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32084. No public workarounds are documented; patching is the primary remediation path.

Share

CVE-2026-32084 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy