CVE-2026-26154
Published: 14 April 2026
Summary
CVE-2026-26154 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates information input validation at system interfaces, comprehensively addressing the improper input validation flaw in WSUS that enables remote tampering and DoS.
Requires timely flaw remediation including patching the specific CVE as guided by MSRC, preventing exploitation of the vulnerability.
Protects against denial-of-service events matching the CVE's high availability impact from network-based invalid input exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in network-accessible WSUS enables remote unauthenticated exploitation causing application DoS (tampering/availability impact), directly mapping to T1190 (exploit public-facing/internal app) and T1499.004 (application exploitation for DoS).
NVD Description
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
Deeper analysisAI
CVE-2026-26154 is an improper input validation vulnerability, mapped to CWE-20, affecting the Windows Server Update Service (WSUS). Published on 2026-04-14, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating network accessibility with low complexity, no privileges or user interaction required, and unchanged scope.
An unauthorized attacker can exploit this vulnerability remotely over the network to perform tampering. While the description highlights tampering capabilities, the CVSS metrics reflect no impact on confidentiality or integrity but a high impact on availability, enabling potential denial-of-service conditions.
The Microsoft Security Response Center advisory provides further details on this vulnerability, including mitigation guidance, at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154.
Details
- CWE(s)