Microsoft Windows 10 Version 22H2 vulnerabilities

CVE-2026-33824 [CRITICAL] CWE-415 CVE-2026-33824: Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

CVE-2026-32183 [HIGH] CWE-77 CVE-2026-32183: Improper neutralization of special elements used in a command ('command injection') in Windows Snipp Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

CVE-2026-27919 [HIGH] CWE-822 CVE-2026-27919: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-26177 [HIGH] CWE-416 CVE-2026-26177: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-32070 [HIGH] CWE-416 CVE-2026-32070: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate pri Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-27917 [HIGH] CWE-416 CVE-2026-27917: Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized atta Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-32164 [HIGH] CWE-362 CVE-2026-32164: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32149 [HIGH] CWE-20 CVE-2026-32149: Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-33100 [HIGH] CWE-416 CVE-2026-33100: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26163 [HIGH] CWE-415 CVE-2026-26163: Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26152 [HIGH] CWE-922 CVE-2026-26152: Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized att Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20930 [HIGH] CWE-362 CVE-2026-20930: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-32068 [HIGH] CWE-362 CVE-2026-32068: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-27927 [HIGH] CWE-362 CVE-2026-27927: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-26167 [HIGH] CWE-362 CVE-2026-26167: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32082 [HIGH] CWE-362 CVE-2026-32082: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33099 [HIGH] CWE-416 CVE-2026-33099: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-32090 [HIGH] CWE-362 CVE-2026-32090: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

CVE-2026-26153 [HIGH] CWE-125 CVE-2026-26153: Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-32087 [HIGH] CWE-122 CVE-2026-32087: Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker t Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.