Skip to main content

Microsoft CVE-2026-33826

| EUVDEUVD-2026-22645 HIGH
Improper Input Validation (CWE-20)
2026-04-14 microsoft GHSA-495g-jr6v-pch8
8.0
CVSS 3.1 · NVD
Temporal: 7.0
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.0 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:25 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22645
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 8.0

DescriptionCVE.org

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

AnalysisAI

Remote code execution in Windows Active Directory Domain Services affects all supported Windows Server versions (2012 R2 through 2025) when an authenticated attacker with low privileges on an adjacent network sends specially crafted requests to domain controllers. The vulnerability stems from improper input validation (CWE-20) and enables complete system compromise with high impact to confidentiality, integrity, and availability. Patch available per vendor advisory; no public exploit identified at time of analysis. CVSS 8.0 severity reflects adjacent network attack vector requiring low-privilege authentication but trivial attack complexity with no user interaction.

Technical ContextAI

This vulnerability exists in the Windows Active Directory Domain Services (AD DS) component, which provides authentication and authorization services for Windows domain environments. The affected products span all currently supported Windows Server versions from 2012 R2 (build 6.3.9600) through the latest 2025 release (build 10.0.26100), including both full GUI and Server Core installation options. The root cause is CWE-20 (Improper Input Validation), indicating that AD DS fails to properly validate or sanitize input data received through network requests. This class of vulnerability typically occurs when applications trust data from external sources without sufficient verification, allowing attackers to inject malicious payloads that trigger unintended code execution. The adjacent network attack vector (AV:A) indicates the attacker must be on the same local network segment as the domain controller, such as a compromised workstation on the corporate LAN or a rogue device connected to the internal network.

RemediationAI

Apply Microsoft-released security updates immediately to all Active Directory domain controllers. Vendor-released patches: Windows Server 2012 R2 upgrade to build 6.3.9600.23132 or later, Windows Server 2016 upgrade to build 10.0.14393.9060 or later, Windows Server 2019 upgrade to build 10.0.17763.8644 or later, Windows Server 2022 upgrade to build 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition upgrade to build 10.0.25398.2274 or later, Windows Server 2025 upgrade to build 10.0.26100.32690 or later. Prioritize patching domain controllers based on their exposure to potentially compromised network segments. Implement network segmentation to restrict adjacent network access to domain controllers, enforce principle of least privilege for domain accounts, and monitor for anomalous authentication patterns or lateral movement. Full security update details and installation guidance available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826.

Share

CVE-2026-33826 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy