Skip to main content

Microsoft EUVDEUVD-2026-22376

| CVE-2026-26154 HIGH
Improper Input Validation (CWE-20)
2026-04-14 microsoft
7.5
CVSS 3.1 · NVD
Temporal: 6.5
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:12 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22376
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:56 nvd
HIGH 7.5

DescriptionCVE.org

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

AnalysisAI

Windows Server Update Service (WSUS) fails to properly validate network inputs, allowing unauthenticated remote attackers to cause denial of service across all Windows Server versions from 2012 through 2025. The vulnerability (CVSS 7.5) enables network-based tampering with high availability impact (AV:N/AC:L/PR:N/UI:N/A:H), though confidentiality and integrity remain unaffected. Patch available per vendor advisory; no public exploit identified at time of analysis. The Authentication Bypass tag and PR:N vector confirm attackers require no credentials, making internet-exposed WSUS servers particularly vulnerable.

Technical ContextAI

Windows Server Update Service (WSUS) is Microsoft's enterprise patch management solution that distributes Windows updates to organizational networks. This vulnerability stems from CWE-20 (Improper Input Validation) in WSUS's network input handling mechanism. The affected component fails to sanitize or validate attacker-supplied data received over the network before processing it, allowing malicious input to trigger tampering conditions. The CVSS vector shows network-accessible attack surface (AV:N) with low complexity (AC:L), indicating the input validation flaw is straightforward to exploit without specialized conditions. CPE data identifies WSUS implementations across Windows Server 2012 (builds 6.2.9200.x), Server 2012 R2 (6.3.9600.x), Server 2016 (10.0.14393.x), Server 2019 (10.0.17763.x), Server 2022 (10.0.20348.x and 10.0.25398.x), and Server 2025 (10.0.26100.x) as vulnerable, affecting both full and Server Core installation modes. The improper validation likely occurs in WSUS's metadata processing, synchronization protocols, or client communication handlers where external network data interfaces with internal service logic.

RemediationAI

Apply Microsoft's security updates immediately to patch the input validation flaw in WSUS. Fixed versions are Windows Server 2012 build 6.2.9200.26026 or later, Windows Server 2012 R2 build 6.3.9600.23132 or later, Windows Server 2016 build 10.0.14393.9060 or later, Windows Server 2019 build 10.0.17763.8644 or later, Windows Server 2022 build 10.0.20348.5020 or later, Windows Server 2022 23H2 Edition build 10.0.25398.2274 or later, and Windows Server 2025 build 10.0.26100.32690 or later. Download patches through Microsoft Update Catalog or Windows Update for Business. As a temporary mitigation for organizations unable to immediately patch, restrict network access to WSUS servers using firewall rules to allow only trusted internal IP ranges, and ensure WSUS is not directly exposed to the internet. Monitor WSUS service availability and network traffic for anomalous connection patterns. Full remediation guidance available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154.

Share

EUVD-2026-22376 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy