CVE-2026-32162

CWE-3493 documents3 sources
Severity
8.4HIGH
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2+10 more
Timeline
PublishedApr 14

Description

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages13 packages

CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.32690
CVEListV5microsoft/windows_10_version_180910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_10_version_21h210.0.19044.010.0.19044.7184

🔴Vulnerability Details

2
VulDB
Microsoft Windows up to Server 2025 COM acceptance of extraneous untrusted data with trusted data2026-04-14
CVEList
Windows COM Elevation of Privilege Vulnerability2026-04-14
CVE-2026-32162 (HIGH CVSS 8.4) | Acceptance of extraneous untrusted | cvebase.io