Skip to main content

Microsoft EUVDEUVD-2026-22538

| CVE-2026-32153 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:33 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22538
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

AnalysisAI

Use-after-free in Microsoft Windows Speech component enables local privilege escalation to SYSTEM on Windows 10 (versions 1809, 21H2, 22H2) and Windows 11 (versions 22H3 through 26H1). Authenticated local attackers with low privileges can exploit memory corruption to gain full system control with low attack complexity and no user interaction required. CVSS 7.8 (High). Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the straigh

Technical ContextAI

This vulnerability stems from a use-after-free condition (CWE-416) in the Windows Speech API subsystem, a component that provides text-to-speech and speech recognition capabilities across Windows platforms. Use-after-free vulnerabilities occur when code continues to use a memory pointer after the referenced memory has been deallocated, leading to memory corruption that attackers can manipulate to redirect execution flow. The Windows Speech component runs with elevated system privileges to access audio hardware and system resources, making it an attractive target for privilege escalation. The affected CPE strings identify this as impacting the Speech API across eight distinct Windows versions spanning Windows 10 build 17763 (version 1809 from 2018) through Windows 11 build 28000 (version 26H1, a future release), indicating a long-standing architectural issue in the shared Speech subsystem codebase. The local attack vector with low privileges required (CVSS PR:L) suggests exploitation occurs through standard user API calls to Speech services, rather than requiring administrative session access.

RemediationAI

Vendor-released patches are available for all affected Windows versions. Update Windows 10 Version 1809 to build 10.0.17763.8644 or later, Windows 10 Version 21H2 to build 10.0.19044.7184 or later, Windows 10 Version 22H2 to build 10.0.19045.7184 or later, Windows 11 Version 22H3 to build 10.0.22631.6936 or later, Windows 11 Version 23H2 to build 10.0.22631.6936 or later, Windows 11 Version 24H2 to build 10.0.26100.32690 or later, Windows 11 Version 25H2 to build 10.0.26200.8246 or later, and Windows 11 Version 26H1 to build 10.0.28000.1836 or later. Apply patches through Windows Update, WSUS, or Microsoft Update Catalog. Organizations should prioritize systems with multiple local users, shared workstations, or environments where users operate with standard (non-administrative) credentials that could leverage this for escalation. As a temporary risk mitigation for systems where immediate patching is not feasible, restrict local logon access to trusted users only and monitor for suspicious Speech API activity through Windows Event Logs (Event ID 4688 for process creation involving speech-related executables). Full remediation guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32153.

Share

EUVD-2026-22538 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy