CVE-2026-32184
published 2026-04-14CVE-2026-32184: Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
PriorityP348high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
1.93%
77.4th percentile
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | hpc_pack | < 6.3.8355 | 6.3.8355 |
| microsoft | microsoft_hpc_pack_2019 | >= 1.0.0 < 6.3.8355 | 6.3.8355 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft HPC Pack 2019 deserialization
vuldb·2026-04-14·CVSS 7.8
CVE-2026-32184 [HIGH] Microsoft HPC Pack 2019 deserialization
A vulnerability described as critical has been identified in Microsoft HPC Pack 2019. This affects an unknown part. Executing a manipulation can lead to deserialization.
This vulnerability is tracked as CVE-2026-32184. The attack is restricted to local execution. No exploit exists.
Upgrading the affected component is recommended.
GHSA
GHSA-c6vr-grf8-r7qj: Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2026-04-14
CVE-2026-32184 [HIGH] CWE-502 GHSA-c6vr-grf8-r7qj: Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
blogs_bleepingcomputer·2026-04-14·CVSS 6.5
[MEDIUM] Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Lawrence Abrams
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.
The number of bugs in each vulnerability category is listed below:
93 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
20 Remote Code Execution Vulnerabilities
21 Information Disclosure Vulnerabilities
10 Denial of Service Vulnerabilities
9 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Rapid7
Patch Tuesday - April 2026
blogs_rapid7·2026-04-14·CVSS 6.5
[MEDIUM] Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday . Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It mig
2026-04-14
Published