Skip to main content

Microsoft CVE-2026-32181

| EUVDEUVD-2026-22563 MEDIUM
Improper Privilege Management (CWE-269)
2026-04-14 microsoft GHSA-hwgj-f8qr-8j83
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Apr 14, 2026 - 19:41 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22563
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
MEDIUM 5.5

DescriptionCVE.org

Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.

AnalysisAI

Improper privilege management in Microsoft Windows allows authenticated local attackers to deny service by exploiting a privilege escalation flaw affecting Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022 and 2025. The vulnerability requires local access and valid credentials but does not permit code execution or data manipulation. CVSS 5.5 reflects moderate severity; CISA SSVC framework rates exploitation as none with partial technical impact, indicating this is not currently a priority threat despite patch availability.

Technical ContextAI

This vulnerability stems from improper privilege management within Windows kernel or system services, classified under CWE-269 (Improper Access Control). The affected versions span multiple Windows 10 and 11 releases as well as Windows Server 2022 and 2025, indicating the flaw likely resides in a core privilege-checking mechanism used across multiple OS versions. The CVSS vector AV:L/AC:L/PR:L indicates the attack requires local access and low privileges (standard user), with the primary impact being availability (A:H) rather than confidentiality or integrity. The flaw allows privilege-related operations to bypass proper access controls, leading to denial of service conditions rather than privilege escalation in the traditional sense.

RemediationAI

Apply Microsoft's released security patches to bring affected Windows versions to or above the specified build thresholds: Windows 10 Version 21H2 to build 10.0.19044.7184 or later, Windows 10 Version 22H2 to build 10.0.19045.7184 or later, Windows 11 Version 22H3 to build 10.0.22631.6936 or later, Windows 11 Version 23H2 to build 10.0.22631.6936 or later, Windows 11 Version 24H2 to build 10.0.26100.32690 or later, Windows 11 Version 25H2 to build 10.0.26200.8246 or later, Windows 11 Version 26H1 to build 10.0.28000.1836 or later, Windows Server 2022 to build 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition Server Core to build 10.0.25398.2274 or later, and Windows Server 2025 to build 10.0.26100.32690 or later. No workarounds are documented; patch deployment is the only remediation. Consult https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32181 for patch availability and deployment instructions.

Share

CVE-2026-32181 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy