Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. CVSS score 7.8 reflects local attack vector with low complexity and no user interaction required. No public exploit or CISA KEV status identified at time of analysis, though use-after-free vulnerabilities in Print Spooler have historically been attractive exploitation targets.
Technical ContextAI
This vulnerability (CWE-416) stems from a use-after-free condition in Windows Print Spooler Components, where memory is accessed after being deallocated. The Print Spooler service traditionally runs with elevated SYSTEM privileges, making it a high-value target for local privilege escalation attacks. Use-after-free conditions occur when code continues to use a memory pointer after the referenced object has been freed, potentially allowing an attacker to manipulate memory allocation to control the freed memory's contents. When exploited successfully, this memory corruption can redirect execution flow to attacker-controlled code. The affected CPE strings identify multiple modern Windows platforms: Windows 11 consumer releases (24H2, 25H2, 26H1) and enterprise server platforms (Windows Server 2022 23H2 Edition and Windows Server 2025 in both full and Server Core installation variants), indicating widespread impact across Microsoft's current product portfolio.
RemediationAI
Apply vendor-released security updates immediately. For Windows 11 version 24H2, Windows Server 2025, and Windows Server 2025 Server Core installations, upgrade to build 10.0.26100.32690 or later. For Windows 11 version 25H2, upgrade to build 10.0.26200.8246 or later. For Windows 11 version 26H1, upgrade to build 10.0.28000.1836 or later. For Windows Server 2022 23H2 Edition Server Core installations, upgrade to build 10.0.25398.2274 or later. Detailed patch deployment guidance and security update packages are available through the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33101. Organizations unable to immediately patch should implement compensating controls including restricting local access privileges, monitoring Print Spooler service activity for anomalous behavior, and hardening systems against initial access vectors that could provide attackers the low-privilege foothold required for exploitation.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22625
GHSA-pmv4-pg97-2f6v