Cyber Resilience

CVE-2026-32183

Severity: High
Published: 14 April 2026
Modified: 20 April 2026
KEV Added: not listed
Patch: see Microsoft update guide (linked below)
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.0th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32183 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 19.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32183 is a command injection vulnerability (CWE-77) affecting the Windows Snipping Tool. Published on 2026-04-14, it arises from improper neutralization of special elements used in a command, allowing an unauthorized attacker to execute code locally. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An attacker with local access can exploit this vulnerability through low-complexity attacks that require user interaction but no special privileges. By tricking a user into performing an action within the Snipping Tool—such as processing a specially crafted input—the attacker can achieve arbitrary code execution on the local system, resulting in high impacts to confidentiality, integrity, and availability.

Microsoft's update guide provides details on mitigation, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32183.


Vulnerability details

Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

CWE(s): CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1203 Exploitation for Client Execution (tactic: Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
T1059.003 Windows Command Shell (tactic: Execution): Adversaries may abuse the Windows command shell for execution.
Why these techniques?

Command injection (CWE-77) in Windows client app (Snipping Tool) enables local arbitrary code execution via crafted user-opened input, directly mapping to T1203 (Exploitation for Client Execution) and T1059.003 (Windows Command Shell) for injected command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21413 (same product: Microsoft Windows 10 1607)
CVE-2026-32157 (same product: Microsoft Windows 10 1607)
CVE-2026-21510 (same product: Microsoft Windows 10 1607)
CVE-2026-21513 (same product: Microsoft Windows 10 1607)
CVE-2026-35421 (same product: Microsoft Windows 10 1607)
CVE-2026-21247 (same product: Microsoft Windows 10 1607)
CVE-2025-59295 (same product: Microsoft Windows 10 1607)
CVE-2026-34329 (same product: Microsoft Windows 10 1607)
CVE-2026-25174 (same product: Microsoft Windows 10 1607)
CVE-2026-27920 (same product: Microsoft Windows 10 1607)

Affected Assets

Microsoft Windows 10 1607: ≤ 10.0.14393.9060
Microsoft Windows 10 1809: ≤ 10.0.17763.8644
Microsoft Windows 10 21H2: ≤ 10.0.19044.7184
Microsoft Windows 10 22H2: ≤ 10.0.19045.7184
Microsoft Windows 11 23H2: ≤ 10.0.22631.6936
Microsoft Windows 11 24H2: ≤ 10.0.26100.8246
Microsoft Windows 11 25H2: ≤ 10.0.26200.8246
Microsoft Windows 11 26H1: ≤ 10.0.28000.1836
Microsoft Windows Server 2012: all versions (and R2)
Microsoft Windows Server 2016: ≤ 10.0.14393.9060
+4 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5; AI-generated mapping)

SI-2 Flaw Remediation (prevent): Directly mitigates this CVE by requiring timely identification, reporting, and patching of the command injection flaw in Windows Snipping Tool.

SI-10 Information Input Validation (prevent): Prevents exploitation by enforcing validation of inputs to neutralize special elements used in commands within the Snipping Tool.

Memory protection control (prevent; control identifier not stated on this page): Reduces the impact of arbitrary code execution from command injection via runtime memory protection safeguards.
