CVE-2026-33824

CWE-4153 documents3 sources
Severity
9.8CRITICAL
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+13 more
Timeline
PublishedApr 14

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages16 packages

CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.9060
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.32690
CVEListV5microsoft/windows_10_version_160710.0.14393.010.0.14393.9060

🔴Vulnerability Details

2
CVEList
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability2026-04-14
VulDB
Microsoft Windows up to Server 2025 IKE Service Extensions double free2026-04-14
CVE-2026-33824 (CRITICAL CVSS 9.8) | Double free in Windows IKE Extensio | cvebase.io