CVE-2026-27912

CWE-2852 documents2 sources

Severity

8.0HIGH

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 14

Description

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.26026

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.32690

CVEList

Windows Kerberos Elevation of Privilege Vulnerability↗2026-04-14

▶

Microsoft Windows Server 2012≥ 6.2.9200.0, < 6.2.9200.26026

Microsoft Windows Server 2016≥ 10.0.14393.0, < 10.0.14393.9060

Microsoft Windows Server 2019≥ 10.0.17763.0, < 10.0.17763.8644

Microsoft Windows Server 2022≥ 10.0.20348.0, < 10.0.20348.5020

Microsoft Windows Server 2025≥ 10.0.26100.0, < 10.0.26100.32690

PublishedApr 14, 2026