CVE-2026-26183
published 2026-04-14CVE-2026-26183: Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.26026 | 6.2.9200.26026 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.23132 | 6.3.9600.23132 |
| microsoft | windows_server_2016 | < 10.0.14393.9060 | 10.0.14393.9060 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.9060 | 10.0.14393.9060 |
| microsoft | windows_server_2019 | < 10.0.17763.8644 | 10.0.17763.8644 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.8644 | 10.0.17763.8644 |
| microsoft | windows_server_2022 | < 10.0.20348.5020 | 10.0.20348.5020 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.5020 | 10.0.20348.5020 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2274 | 10.0.25398.2274 |
| microsoft | windows_server_2025 | < 10.0.26100.32690 | 10.0.26100.32690 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32690 | 10.0.26100.32690 |