CVE-2026-33826
Published: 14 April 2026
Summary
CVE-2026-33826 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 33.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation requires timely identification, reporting, and patching of vulnerabilities like this improper input validation flaw in Windows Active Directory, directly eliminating the exploit path.
Information input validation mandates checking the validity of all system inputs, directly addressing the CWE-20 improper input validation that enables arbitrary code execution in this CVE.
Boundary protection monitors and controls communications at network interfaces, mitigating adjacent network (AV:A) access required for low-privilege attackers to reach and exploit Active Directory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE vulnerability in Windows Active Directory exploitable over adjacent network by low-privilege authorized attacker directly maps to remote service exploitation (T1210) and privilege escalation via software vulnerability (T1068).
NVD Description
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
Deeper analysisAI
CVE-2026-33826 is an improper input validation vulnerability (CWE-20) affecting Windows Active Directory. Published on 2026-04-14, it enables an authorized attacker to execute arbitrary code over an adjacent network, earning a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited by an attacker with low privileges (PR:L) who has access to the adjacent network (AV:A). Exploitation requires low complexity (AC:L) and no user interaction (UI:N), allowing the attacker to achieve high impacts on confidentiality, integrity, and availability through remote code execution within the unchanged scope (S:U).
Microsoft's Security Response Center has published an update guide detailing mitigations and patches for CVE-2026-33826 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826, which security practitioners should review for deployment instructions.
Details
- CWE(s)