CVE-2026-26156

CWE-20 — Improper Input Validation CWE-122 — Heap-based Buffer Overflow CWE-125 — Out-of-bounds Read2 documents2 sources

Severity

7.8HIGH

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

16

Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 +13 more

Timeline

PublishedApr 14

Description

Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.32690

▶CVEListV5microsoft/windows_10_version_160710.0.14393.0 — 10.0.14393.9060

🔴Vulnerability Details

1

CVEList

Windows Hyper-V Remote Code Execution Vulnerability↗2026-04-14

▶

CVE-2026-26156 (HIGH CVSS 7.8) | Heap-based buffer overflow in Windo | cvebase.io