Cyber Posture

CVE-2026-27912

High

Published: 14 April 2026
Modified: 23 April 2026
KEV Added: not listed
CVSS Score: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0031 (54.2nd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-27912 is a high-severity Improper Authorization (CWE-285) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 45.8% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- Prevent: Directly remediates the improper authorization flaw in Windows Kerberos through timely identification, reporting, and patching, preventing privilege escalation.
- Prevent, AC-3 (Access Enforcement): Enforces approved authorizations for access to system resources, directly countering the improper authorization vulnerability in Kerberos that enables privilege escalation.
- Prevent, AC-6 (Least Privilege): Applies least privilege to limit the privileges available for escalation via the Kerberos authorization flaw, reducing potential impact on confidentiality, integrity, and availability.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Improper authorization vulnerability in Windows Kerberos directly enables privilege escalation from low-privileged access, mapping to exploitation of software vulnerabilities for higher privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

Deeper analysis [AI-generated]

CVE-2026-27912 is an improper authorization vulnerability (CWE-285) in Windows Kerberos that enables privilege escalation. It affects Windows systems using the Kerberos authentication component. Published on 2026-04-14T18:16:58.600, the vulnerability has a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An authorized attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this issue with low attack complexity and no user interaction. Exploitation allows the attacker to elevate privileges, achieving high confidentiality, integrity, and availability impacts on the targeted system.

Microsoft's Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912 provides guidance on mitigation and available patches for this vulnerability.

Details

CWE(s)

CWE-285 (Improper Authorization)

Affected Products

- Microsoft Windows Server 2012: all versions, R2
- Microsoft Windows Server 2016: ≤ 10.0.14393.9060
- Microsoft Windows Server 2019: ≤ 10.0.17763.8644
- Microsoft Windows Server 2022: ≤ 10.0.20348.5020
- Microsoft Windows Server 2022 23H2: ≤ 10.0.25398.2274
- Microsoft Windows Server 2025: ≤ 10.0.26100.32690

CVEs Like This One

- CVE-2026-26183: same product (Microsoft Windows Server 2012)
- CVE-2025-25008: same product (Microsoft Windows Server 2016)
- CVE-2026-21251: same product (Microsoft Windows Server 2016)
- CVE-2025-21275: same product (Microsoft Windows Server 2022)
- CVE-2026-33826: same product (Microsoft Windows Server 2012)
- CVE-2025-59287: same product (Microsoft Windows Server 2012)
- CVE-2026-26154: same product (Microsoft Windows Server 2012)
- CVE-2025-54106: same product (Microsoft Windows Server 2012)
- CVE-2025-49735: same product (Microsoft Windows Server 2012)
- CVE-2025-24045: same product (Microsoft Windows Server 2012)

References