CVE-2026-32149
Published: 14 April 2026
Summary
CVE-2026-32149 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows 11 23H2. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 32.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-32149, published on 2026-04-14, is an improper input validation vulnerability in Windows Hyper-V. Assigned a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), it maps to CWE-20 (Improper Input Validation), CWE-122 (Heap-based Buffer Overflow), and CWE-191 (Integer Underflow (Wrap or Wraparound)).
A local attacker with low privileges (PR:L) can exploit this issue with low attack complexity (AC:L) if user interaction is obtained (UI:R). Successful exploitation enables arbitrary local code execution, resulting in high impacts to confidentiality, integrity, and availability without scope change (S:U).
The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32149.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22534
Vulnerability details
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
A local low-privilege attacker exploits a heap buffer overflow/integer underflow via improper input validation in Hyper-V to achieve arbitrary code execution with high CIA impact, directly matching Exploitation for Privilege Escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces validation of inputs to Hyper-V components, preventing exploitation of improper input validation (CWE-20), heap-based buffer overflow (CWE-122), and integer underflow (CWE-191).
Implements memory protections such as non-executable memory and stack guards that comprehensively mitigate arbitrary code execution from buffer overflows and underflows in Hyper-V.
Requires identification, reporting, and timely remediation of flaws like CVE-2026-32149 through patching, directly addressing the Hyper-V vulnerability.