CVE-2026-33101

High

Published: 14 April 2026

Published

14 April 2026

Modified

17 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0005 15.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33101 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 15.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely patching of the specific use-after-free vulnerability in Windows Print Spooler components to eliminate the privilege escalation risk.

CM-7 Least Functionality good match

prevent

Minimizes system functionality by disabling unnecessary Print Spooler services, directly removing the vulnerable attack surface for local privilege escalation.

SI-16 Memory Protection partial match

prevent

Implements memory safeguards such as ASLR and DEP to hinder exploitation of the use-after-free vulnerability even if unpatched.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Use-after-free in Print Spooler enables local low-priv code execution leading to SYSTEM-level privilege escalation, matching T1068 directly.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2026-33101 is a use-after-free vulnerability (CWE-416) in Windows Print Spooler Components. It affects Windows systems and was published on 2026-04-14T18:17:32.797 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by an authorized local attacker with low privileges. Successful exploitation allows the attacker to elevate privileges on the affected system, potentially compromising confidentiality, integrity, and availability with high impact.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33101 provides details on mitigation and patching for this vulnerability.

Details

CWE(s): CWE-416

Affected Products

microsoft

windows 11 24h2

≤ 10.0.26100.8246 · ≤ 10.0.26100.8246

microsoft

windows 11 25h2

≤ 10.0.26200.8246 · ≤ 10.0.26200.8246

microsoft

windows 11 26h1

≤ 10.0.28000.1836 · ≤ 10.0.28000.1836

microsoft

windows server 2022 23h2

≤ 10.0.25398.2274

microsoft

windows server 2025

≤ 10.0.26100.32690

CVEs Like This One

CVE-2026-25167Same product: Microsoft Windows 11 24H2

CVE-2025-21315Same product: Microsoft Windows 11 24H2

CVE-2026-20859Same product: Microsoft Windows 11 24H2

CVE-2026-20870Same product: Microsoft Windows 11 24H2

CVE-2025-21372Same product: Microsoft Windows 11 24H2

CVE-2026-26181Same product: Microsoft Windows 11 24H2

CVE-2026-26132Same product: Microsoft Windows 11 24H2

CVE-2026-24283Same product: Microsoft Windows 11 24H2

CVE-2026-24292Same product: Microsoft Windows 11 24H2

CVE-2026-32078Same product: Microsoft Windows 11 24H2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33101
Vendor Advisory · secure@microsoft.com