CVE-2026-33826 — Improper Input Validation in Microsoft Windows Server 2012 R2

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.0HIGHNVD

EPSS

0.4%

top 41.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 +2 more

Timeline

PublishedApr 14

Description

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.32690

▶CVEListV5microsoft/windows_server_2012_r26.3.9600.0 — 6.3.9600.23132

🔴Vulnerability Details

CVEList

Windows Active Directory Remote Code Execution Vulnerability↗2026-04-14

▶

VulDB

Microsoft Windows prior 10.0.26100.32690 Active Directory input validation↗2026-04-14

▶

GHSA

GHSA-495g-jr6v-pch8: Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network↗2026-04-14

▶