Cyber Resilience

CVE-2026-27912

High

Published: 14 April 2026

Published
14 April 2026
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0056 68.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27912 is a high-severity Improper Authorization (CWE-285) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 31.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-27912 is an improper authorization vulnerability (CWE-285) in Windows Kerberos that enables privilege escalation. It affects Windows systems using the Kerberos authentication component. Published on 2026-04-14T18:16:58.600, the vulnerability has a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An authorized attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this issue with low attack complexity and no user interaction. Exploitation allows the attacker to elevate privileges, achieving high confidentiality, integrity, and availability impacts on the targeted system.

Microsoft's Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912 provides guidance on mitigation and available patches for this vulnerability.

EU & UK References

Vulnerability details

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Improper authorization vulnerability in Windows Kerberos directly enables privilege escalation from low-privileged access, mapping to exploitation of software vulnerabilities for higher privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-41095Same product: Microsoft Windows Server 2012
CVE-2026-35420Same product: Microsoft Windows Server 2012
CVE-2026-26183Same product: Microsoft Windows Server 2012
CVE-2026-21251Same product: Microsoft Windows Server 2016
CVE-2025-25008Same product: Microsoft Windows Server 2016
CVE-2025-21275Same product: Microsoft Windows Server 2022
CVE-2026-33826Same product: Microsoft Windows Server 2012
CVE-2025-59287Same product: Microsoft Windows Server 2012
CVE-2025-53795Same vendor: Microsoft
CVE-2026-26111Same product: Microsoft Windows Server 2012

Affected Assets

microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.9060
microsoft
windows server 2019
≤ 10.0.17763.8644
microsoft
windows server 2022
≤ 10.0.20348.5020
microsoft
windows server 2022 23h2
≤ 10.0.25398.2274
microsoft
windows server 2025
≤ 10.0.26100.32690

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the improper authorization flaw in Windows Kerberos through timely identification, reporting, and patching, preventing privilege escalation.

prevent

Enforces approved authorizations for access to system resources, directly countering the improper authorization vulnerability in Kerberos that enables privilege escalation.

prevent

Applies least privilege to limit the privileges available for escalation via the Kerberos authorization flaw, reducing potential impact on confidentiality, integrity, and availability.

References