Skip to main content

Microsoft EUVDEUVD-2026-22625

| CVE-2026-33101 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-pmv4-pg97-2f6v
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:36 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22625
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. CVSS score 7.8 reflects local attack vector with low complexity and no user interaction required. No public exploit or CISA KEV status identified at time of analysis, though use-after-free vulnerabilities in Print Spooler have historically been attractive exploitation targets.

Technical ContextAI

This vulnerability (CWE-416) stems from a use-after-free condition in Windows Print Spooler Components, where memory is accessed after being deallocated. The Print Spooler service traditionally runs with elevated SYSTEM privileges, making it a high-value target for local privilege escalation attacks. Use-after-free conditions occur when code continues to use a memory pointer after the referenced object has been freed, potentially allowing an attacker to manipulate memory allocation to control the freed memory's contents. When exploited successfully, this memory corruption can redirect execution flow to attacker-controlled code. The affected CPE strings identify multiple modern Windows platforms: Windows 11 consumer releases (24H2, 25H2, 26H1) and enterprise server platforms (Windows Server 2022 23H2 Edition and Windows Server 2025 in both full and Server Core installation variants), indicating widespread impact across Microsoft's current product portfolio.

RemediationAI

Apply vendor-released security updates immediately. For Windows 11 version 24H2, Windows Server 2025, and Windows Server 2025 Server Core installations, upgrade to build 10.0.26100.32690 or later. For Windows 11 version 25H2, upgrade to build 10.0.26200.8246 or later. For Windows 11 version 26H1, upgrade to build 10.0.28000.1836 or later. For Windows Server 2022 23H2 Edition Server Core installations, upgrade to build 10.0.25398.2274 or later. Detailed patch deployment guidance and security update packages are available through the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33101. Organizations unable to immediately patch should implement compensating controls including restricting local access privileges, monitoring Print Spooler service activity for anomalous behavior, and hardening systems against initial access vectors that could provide attackers the low-privilege foothold required for exploitation.

Share

EUVD-2026-22625 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy