Is Use After Free affected by CVE-2026-33101?

CVE-2026-33101 is a high-severity privilege escalation vulnerability in Windows Print Spooler affecting Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2022/2025, enabling authenticated users with standard privileges to gain complete system control.

CVE-2026-33101

EUVD-2026-22625 HIGH

2026-04-14 microsoft

GHSA-pmv4-pg97-2f6v

Denial Of Service Use After Free Memory Corruption Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 Windows Server 2022 23H2 Edition Server Core Installation Windows Server 2025 Windows Server 2025 Server Core Installation

7.8

CVSS 3.1

Temporal: 6.8

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 19:36 vuln.today

DescriptionNVD

Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. …

RemediationAI

Within 24 hours: Identify all affected Windows 11 and Windows Server systems in inventory matching versions 24H2, 25H2, 26H1 (Win11) and 23H2 (Server 2022), 2025 (Server 2025); prioritize domain-joined systems and servers. Within 7 days: Deploy the vendor-released Windows security update addressing CVE-2026-33101 to all affected systems, beginning with critical infrastructure and servers; validate patch installation via Windows Update history or WSUS reports. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33101 vulnerability details – vuln.today

Back

CVE-2026-33101

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code