Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
AnalysisAI
Improper privilege management in Microsoft Windows allows authenticated local attackers to deny service by exploiting a privilege escalation flaw affecting Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022 and 2025. The vulnerability requires local access and valid credentials but does not permit code execution or data manipulation. CVSS 5.5 reflects moderate severity; CISA SSVC framework rates exploitation as none with partial technical impact, indicating this is not currently a priority threat despite patch availability.
Technical ContextAI
This vulnerability stems from improper privilege management within Windows kernel or system services, classified under CWE-269 (Improper Access Control). The affected versions span multiple Windows 10 and 11 releases as well as Windows Server 2022 and 2025, indicating the flaw likely resides in a core privilege-checking mechanism used across multiple OS versions. The CVSS vector AV:L/AC:L/PR:L indicates the attack requires local access and low privileges (standard user), with the primary impact being availability (A:H) rather than confidentiality or integrity. The flaw allows privilege-related operations to bypass proper access controls, leading to denial of service conditions rather than privilege escalation in the traditional sense.
RemediationAI
Apply Microsoft's released security patches to bring affected Windows versions to or above the specified build thresholds: Windows 10 Version 21H2 to build 10.0.19044.7184 or later, Windows 10 Version 22H2 to build 10.0.19045.7184 or later, Windows 11 Version 22H3 to build 10.0.22631.6936 or later, Windows 11 Version 23H2 to build 10.0.22631.6936 or later, Windows 11 Version 24H2 to build 10.0.26100.32690 or later, Windows 11 Version 25H2 to build 10.0.26200.8246 or later, Windows 11 Version 26H1 to build 10.0.28000.1836 or later, Windows Server 2022 to build 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition Server Core to build 10.0.25398.2274 or later, and Windows Server 2025 to build 10.0.26100.32690 or later. No workarounds are documented; patch deployment is the only remediation. Consult https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32181 for patch availability and deployment instructions.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22563
GHSA-hwgj-f8qr-8j83