Is Windows Server 2012 R2 affected by CVE-2026-33826?

CVE-2026-33826 is a high-severity remote code execution vulnerability in Windows Active Directory Domain Services affecting all supported Server versions (2012 R2-2025) that allows authenticated attackers on adjacent networks to achieve complete system compromise of domain controllers.

CVE-2026-33826

EUVD-2026-22645 HIGH

2026-04-14 microsoft

GHSA-495g-jr6v-pch8

Information Disclosure Microsoft Windows Server 2012 R2 Windows Server 2012 R2 Server Core Installation Windows Server 2016 Windows Server 2016 Server Core Installation Windows Server 2019 Windows Server 2019 Server Core Installation Windows Server 2022 Windows Server 2022 23H2 Edition Server Core Installation Windows Server 2025 Windows Server 2025 Server Core Installation

8.0

CVSS 3.1

Temporal: 7.0

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 19:25 vuln.today

DescriptionNVD

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

AnalysisAI

Remote code execution in Windows Active Directory Domain Services affects all supported Windows Server versions (2012 R2 through 2025) when an authenticated attacker with low privileges on an adjacent network sends specially crafted requests to domain controllers. The vulnerability stems from improper input validation (CWE-20) and enables complete system compromise with high impact to confidentiality, integrity, and availability. …

RemediationAI

Within 24 hours: Inventory all domain controllers and document current Windows Server versions in production. Within 7 days: Deploy vendor-released patch to all domain controllers, prioritizing those in Tier 0 environments first; coordinate with change management to schedule patching windows with minimal business disruption. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33826 vulnerability details – vuln.today

Back

CVE-2026-33826

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code