Cyber Posture

CVE-2026-32183

Severity: High
Published: 14 April 2026
Modified: 20 April 2026
KEV Added: not listed (not in the CISA KEV catalog at the time of writing)
Patch: see the Microsoft update guide (URL in the Deeper analysis section below)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.9th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-32183 is a high-severity command injection (CWE-77) vulnerability in the Windows Snipping Tool. It affects the supported Windows 10, Windows 11 and Windows Server releases listed under Affected Products below, not a single Windows 10 build. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 16.9th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and Windows Command Shell (T1059.003). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated mapping]

SI-2 Flaw Remediation (prevent)
Directly mitigates this CVE by requiring timely identification, reporting, and patching of the command injection flaw in the Windows Snipping Tool. In practice this means deploying the Microsoft update for each affected build listed below and verifying the installed build afterwards.

SI-10 Information Input Validation (prevent)
Prevents exploitation by enforcing validation of inputs to neutralize special elements used in commands within the Snipping Tool. For the Snipping Tool itself this validation is part of Microsoft's fix; an operator cannot add it, so the control reduces to applying the update.

Memory Protection (prevent)
Reduces the impact of arbitrary code execution from command injection via runtime memory protection safeguards. These raise the cost of turning the injection into a stable foothold but do not remove the underlying flaw.

MITRE ATT&CK Enterprise Techniques [AI-generated mapping]

T1203 Exploitation for Client Execution (Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1059.003 Windows Command Shell (Execution)
Adversaries may abuse the Windows command shell for execution.

Why these techniques?

Command injection (CWE-77) in a Windows client application (the Snipping Tool) enables local arbitrary code execution when a user handles crafted input. The trigger maps directly to T1203 (Exploitation for Client Execution); the injected commands run through the Windows command shell, which maps to T1059.003.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
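
The mapping above gives a concrete hunting question: did a Snipping Tool process ever launch a command interpreter? The script below is an added example for this page, not Microsoft's guidance and not part of the advisory. It assumes Sysmon is installed with process-creation logging (Event ID 1) and that the Snipping Tool parent image names, the interpreter list and the seven-day window are starting points to confirm on the build you run; none of those names come from the advisory.

```powershell
# Added hunting example for this advisory, not Microsoft's guidance. Assumes Sysmon is installed
# with process-creation logging enabled (Event ID 1). Parent image names and the interpreter
# list are assumptions: confirm the Snipping Tool binary name on the build you are checking.
$parentNames = @('SnippingTool.exe', 'ScreenSketch.exe', 'ScreenClippingHost.exe')
$shellNames  = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function Get-SysmonProcessCreate {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    # Fail loudly if the Sysmon log is absent, rather than silently returning no hits.
    Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational' -ErrorAction Stop | Out-Null
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = $Since }
    # SilentlyContinue here only suppresses the "no events found" error for an empty window.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Sysmon writes each field as <Data Name="...">value</Data>; flatten to a hashtable.
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = $d['User']
            ParentImage = $d['ParentImage']
            Image       = $d['Image']
            CommandLine = $d['CommandLine']
        }
    }
}

function Find-SnippingToolShellSpawn {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-SysmonProcessCreate -Since $Since | Where-Object {
        if (-not $_.ParentImage -or -not $_.Image) { return $false }
        $parentLeaf = Split-Path -Leaf $_.ParentImage
        $childLeaf  = Split-Path -Leaf $_.Image
        # -contains is case-insensitive, so mixed-case image paths still match.
        ($parentNames -contains $parentLeaf) -and ($shellNames -contains $childLeaf)
    }
}

# Review each hit: a Snipping Tool that launches cmd.exe or a script host is not normal
# behaviour and, for this CVE, is the point where T1203 turns into T1059.003.
Find-SnippingToolShellSpawn | Sort-Object Time |
    Format-Table Time, User, ParentImage, CommandLine -AutoSize -Wrap
```

Without Sysmon, the same question can be asked of Security event 4688 if command-line auditing is enabled; the parent process field there is "Creator Process Name", and the flattening step changes accordingly.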

NVD Description

Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

Deeper analysis [AI-generated]

CVE-2026-32183 is a command injection vulnerability (CWE-77) affecting the Windows Snipping Tool. Published on 2026-04-14, it arises from improper neutralization of special elements used in a command, allowing an unauthorized attacker to execute code locally. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Read against the vector: the attacker needs local access (AV:L), the attack is low complexity (AC:L) and needs no prior privileges (PR:N), but a user must take an action in the Snipping Tool (UI:R), such as processing specially crafted input. On success the attacker executes arbitrary code in the security context of that user (S:U), with high impact to confidentiality, integrity, and availability. The NVD description does not state which input path reaches the command, so the severity rests on the CVSS vector and the vendor's assessment rather than on a public technical description.

Microsoft's update guide provides details on mitigation, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32183.

Details

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected Products

Vendor · Product · Affected builds (as listed on the page; repeated entries collapsed)
microsoft · windows 10 1607 · ≤ 10.0.14393.9060
microsoft · windows 10 1809 · ≤ 10.0.17763.8644
microsoft · windows 10 21h2 · ≤ 10.0.19044.7184
microsoft · windows 10 22h2 · ≤ 10.0.19045.7184
microsoft · windows 11 23h2 · ≤ 10.0.22631.6936
microsoft · windows 11 24h2 · ≤ 10.0.26100.8246
microsoft · windows 11 25h2 · ≤ 10.0.26200.8246
microsoft · windows 11 26h1 · ≤ 10.0.28000.1836
microsoft · windows server 2012 · all versions, including R2
microsoft · windows server 2016 · ≤ 10.0.14393.9060
+4 more product configuration(s): see NVD for the full list
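
The build list above is only useful if it can be checked against a host. The script below is an added example for this page, not Microsoft's tooling. It reads the OS base build and the Update Build Revision (UBR) and compares them with the thresholds listed. One assumption is built in and flagged in the code: the listed build is taken as the highest build marked affected, which is how the page's "≤" reads; NVD range data frequently records the first fixed build instead, so confirm the meaning against the MSRC entry before treating a result as final.

```powershell
# Added example for this advisory, not Microsoft's tooling. Compares this host's build and
# Update Build Revision (UBR) with the thresholds listed on the page. Assumption: the listed
# build is the highest build marked affected, as the page's "≤" reads; NVD range data often
# records the first fixed build instead, so confirm against the MSRC entry before acting.
$AffectedMaxUbr = @{
    '10.0.14393' = 9060   # Windows 10 1607 and Windows Server 2016
    '10.0.17763' = 8644   # Windows 10 1809
    '10.0.19044' = 7184   # Windows 10 21H2
    '10.0.19045' = 7184   # Windows 10 22H2
    '10.0.22631' = 6936   # Windows 11 23H2
    '10.0.26100' = 8246   # Windows 11 24H2
    '10.0.26200' = 8246   # Windows 11 25H2
    '10.0.28000' = 1836   # Windows 11 26H1
}

function Get-WindowsBuild {
    # Win32_OperatingSystem.Version gives major.minor.build; the UBR registry value gives the
    # monthly patch level (absent on Server 2012 / 2012 R2, where it reads as 0 here).
    $base = (Get-CimInstance -ClassName Win32_OperatingSystem).Version
    $cv   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr  = [int]($cv.UBR)
    [pscustomobject]@{ Base = $base; Ubr = $ubr; Full = "$base.$ubr" }
}

function Test-Cve202632183Build {
    param([hashtable]$Thresholds = $AffectedMaxUbr)
    $b = Get-WindowsBuild
    $result = [ordered]@{ Build = $b.Full; Threshold = $null; Status = $null }
    if ($b.Base -like '6.2.*' -or $b.Base -like '6.3.*') {
        # Windows Server 2012 (6.2) and 2012 R2 (6.3): the page lists all versions as affected.
        $result.Status = 'Affected: all Windows Server 2012 / 2012 R2 versions are listed'
    }
    elseif (-not $Thresholds.ContainsKey($b.Base)) {
        $result.Status = 'Base build not in the list above; check the full NVD product list'
    }
    elseif ($b.Ubr -le $Thresholds[$b.Base]) {
        $result.Threshold = "$($b.Base).$($Thresholds[$b.Base])"
        $result.Status = 'Potentially affected: build is at or below the listed threshold'
    }
    else {
        $result.Threshold = "$($b.Base).$($Thresholds[$b.Base])"
        $result.Status = 'Above the listed threshold'
    }
    [pscustomobject]$result
}

Test-Cve202632183Build | Format-List
```

Both reads (CIM and the CurrentVersion registry key) work as a standard user, so the function can be pushed to a fleet with Invoke-Command without elevation. If the MSRC entry shows that the listed builds are the first fixed builds rather than the last affected ones, change the comparison from -le to -lt and keep the table as it is.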

CVEs Like This One

Grouped because they share an affected product (Microsoft Windows 10 1607), not because they share the same weakness or component:

CVE-2025-21413
CVE-2026-32157
CVE-2026-21510
CVE-2026-21513
CVE-2026-21247
CVE-2025-59295
CVE-2026-27914
CVE-2026-27915
CVE-2026-25165
CVE-2026-27920

References

Microsoft Security Response Center, update guide entry for CVE-2026-32183: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32183