CVE-2026-32222
Published: 14 April 2026
Summary
CVE-2026-32222 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 18.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-32222 is an untrusted pointer dereference vulnerability, classified under CWE-822, affecting the Windows Win32K ICOMP component. Published on 2026-04-14T18:17:30.290, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on affected Windows systems.
The vulnerability can be exploited by an authorized local attacker possessing low privileges. Exploitation requires only local access and low attack complexity with no user interaction, enabling the attacker to elevate privileges locally and achieve high impacts on confidentiality, integrity, and availability.
Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32222.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22610
Vulnerability details
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local untrusted pointer dereference in Win32K kernel component directly enables local privilege escalation from low-privileged context to SYSTEM-level access via exploitation of the OS vulnerability.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation directly patches the untrusted pointer dereference in Windows Win32K ICOMP, eliminating the privilege escalation vulnerability.
Memory protection mechanisms prevent unauthorized access and exploitation of untrusted pointer dereferences in kernel components like Win32K.
Information input validation ensures untrusted pointers provided to Win32K ICOMP are checked for validity before dereference, blocking the root cause of the vulnerability.