CVE-2026-26154

CWE-20Improper Input Validation2 documents2 sources
Severity
7.5HIGH
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft Windows Server 2012Microsoft Windows Server 2012 (server Core Installation)Microsoft Windows Server 2012 R2+8 more
Timeline
PublishedApr 14

Description

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.26026
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.9060
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.32690

🔴Vulnerability Details

1
CVEList
Windows Server Update Service (WSUS) Tampering Vulnerability2026-04-14
CVE-2026-26154 (HIGH CVSS 7.5) | Improper input validation in Window | cvebase.io