Cyber Posture

CVE-2026-33824

Severity: Critical
Published: 14 April 2026
Modified: 17 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.3rd percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-33824 is a critical-severity Double Free (CWE-415) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). EPSS ranks it at the 28.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Requires timely remediation of flaws like this double free through patching, directly preventing exploitation.

SI-16 Memory Protection (prevent): Enforces memory protections such as DEP and ASLR that mitigate double free exploitation leading to code execution.

SC-7 Boundary Protection (prevent): Implements boundary protections to restrict network access to the vulnerable IKE Extension service, reducing remote attack opportunities.

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The double free vulnerability in the Windows IKE Extension component allows remote unauthenticated attackers to trigger arbitrary code execution over the network, directly enabling exploitation of remote services.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Deeper analysis

CVE-2026-33824 is a double free vulnerability (CWE-415) in the Windows IKE Extension. This flaw affects Windows systems that use the IKE Extension component for Internet Key Exchange operations. Published on 2026-04-14T18:17:34.767, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical because of its potential for severe impact.

An unauthorized attacker can exploit this vulnerability remotely over the network without requiring authentication, privileges, or user interaction. Exploitation triggers a double free condition, enabling arbitrary code execution on the target system and resulting in high impacts to confidentiality, integrity, and availability.

Microsoft provides guidance on this vulnerability through its Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824.

Details

CWE(s): CWE-415 (Double Free)

Affected Products

Microsoft Windows 10 1607: ≤ 10.0.14393.9060
Microsoft Windows 10 1809: ≤ 10.0.17763.8644
Microsoft Windows 10 21H2: ≤ 10.0.19044.7184
Microsoft Windows 10 22H2: ≤ 10.0.19045.7184
Microsoft Windows 11 23H2: ≤ 10.0.22631.6936
Microsoft Windows 11 24H2: ≤ 10.0.26100.8246
Microsoft Windows 11 25H2: ≤ 10.0.26200.8246
Microsoft Windows 11 26H1: ≤ 10.0.28000.1836
Microsoft Windows Server 2016: ≤ 10.0.14393.9060
Microsoft Windows Server 2019: ≤ 10.0.17763.8644
+3 more product configuration(s) — see NVD for the full list

CVEs Like This One

CVE-2026-26163 (same product: Microsoft Windows 10 1607)
CVE-2026-33838 (same product: Microsoft Windows 10 1607)
CVE-2026-33827 (same product: Microsoft Windows 10 1607)
CVE-2026-20832 (same product: Microsoft Windows 10 1607)
CVE-2025-49688 (same product: Microsoft Windows Server 2016)
CVE-2026-32074 (same product: Microsoft Windows 10 1809)
CVE-2026-32069 (same product: Microsoft Windows 10 1809)
CVE-2025-21248 (same product: Microsoft Windows 10 1607)
CVE-2026-25173 (same product: Microsoft Windows 10 1607)
CVE-2026-23669 (same product: Microsoft Windows 10 1607)