CVE-2026-32071NULL Pointer Dereference in Microsoft Windows 10 Version 1607

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 71.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+10 more
Timeline
PublishedApr 14

Description

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.9060
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.32690
CVEListV5microsoft/windows_10_version_160710.0.14393.010.0.14393.9060

🔴Vulnerability Details

2
GHSA
GHSA-mfwr-mq7p-278f: Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network2026-04-14
CVEList
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability2026-04-14
CVE-2026-32071 — NULL Pointer Dereference in Microsoft | cvebase