CVE-2026-33099

CWE-416Use After Free3 documents3 sources
Severity
7.0HIGH
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+14 more
Timeline
PublishedApr 14

Description

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages17 packages

CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.26026
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.9060
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_2012_r26.3.9600.06.3.9600.23132

🔴Vulnerability Details

2
VulDB
Microsoft Windows up to Server 2022 23H2 Ancillary Function Driver for WinSock use after free2026-04-14
CVEList
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability2026-04-14
CVE-2026-33099 (HIGH CVSS 7) | Use after free in Windows Ancillary | cvebase.io