CVE-2026-32153
Published: 14 April 2026
Summary
CVE-2026-32153 is a high-severity vulnerability in Microsoft Windows 10 21H2, classified as a Race Condition (CWE-362) and described in the detailed analysis below as a use-after-free (CWE-416). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its exploit likelihood is ranked at the 16.4th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-32153 is a use-after-free vulnerability (CWE-416, associated with CWE-362) in the Microsoft Windows Speech component. Published on 2026-04-14, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
The vulnerability can be exploited by an authorized local attacker holding low privileges. Exploitation requires only local access and has low attack complexity, with no user interaction needed. Successful exploitation allows the attacker to elevate privileges on the affected system.
For mitigation details, refer to the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32153.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22538
Vulnerability details
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The use-after-free in the Windows Speech component directly enables local privilege escalation through exploitation of a software vulnerability (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely patching and remediation of the use-after-free vulnerability in the Windows Speech component to prevent local privilege escalation.
- SI-16 (Memory Protection): implements memory protection mechanisms such as ASLR, DEP, and stack canaries that help mitigate use-after-free exploitation attempts.
- Least privilege: enforces least privilege on processes and users, limiting the scope and impact of a successful privilege escalation by a low-privilege local attacker.