Cyber Resilience

CVE-2026-33827

High

Published: 14 April 2026

Published
14 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0084 53.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-33827 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 47.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-4 (Information in Shared System Resources).

Deeper analysis

CVE-2026-33827 is a race condition vulnerability (CWE-362) in the Windows TCP/IP stack, stemming from concurrent execution using a shared resource with improper synchronization. This flaw allows an unauthorized attacker to execute arbitrary code over a network. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability can be exploited by an unauthorized attacker with network access, requiring no privileges or user interaction but involving high attack complexity. Successful exploitation enables remote code execution, compromising confidentiality, integrity, and availability with high impact across affected systems.

Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Race condition in Windows TCP/IP stack enables remote arbitrary code execution over the network with no authentication, directly mapping to exploitation of remote services for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34351Same product: Microsoft Windows 10 1607
CVE-2026-34334Same product: Microsoft Windows 10 1607
CVE-2026-32161Same product: Microsoft Windows 10 1607
CVE-2026-34329Same product: Microsoft Windows 10 1607
CVE-2026-20934Same product: Microsoft Windows 10 1607
CVE-2026-32164Same product: Microsoft Windows 10 1607
CVE-2026-20919Same product: Microsoft Windows 10 1607
CVE-2026-21231Same product: Microsoft Windows 10 1607
CVE-2026-20848Same product: Microsoft Windows 10 1607
CVE-2026-20926Same product: Microsoft Windows 10 1607

Affected Assets

microsoft
windows 10 1607
≤ 10.0.14393.9060 · ≤ 10.0.14393.9060
microsoft
windows 10 1809
≤ 10.0.17763.8644 · ≤ 10.0.17763.8644
microsoft
windows 10 21h2
≤ 10.0.19044.7184 · ≤ 10.0.19044.7184 · ≤ 10.0.19044.7184
microsoft
windows 10 22h2
≤ 10.0.19045.7184 · ≤ 10.0.19045.7184 · ≤ 10.0.19045.7184
microsoft
windows 11 23h2
≤ 10.0.22631.6936 · ≤ 10.0.22631.6936
microsoft
windows 11 24h2
≤ 10.0.26100.8246 · ≤ 10.0.26100.8246
microsoft
windows 11 25h2
≤ 10.0.26200.8246 · ≤ 10.0.26200.8246
microsoft
windows 11 26h1
≤ 10.0.28000.1836 · ≤ 10.0.28000.1836
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.9060
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the race condition vulnerability by requiring identification, reporting, and timely correction of flaws in the Windows TCP/IP stack.

prevent

Prevents unauthorized information transfer via shared system resources, addressing the improper synchronization in concurrent TCP/IP execution.

prevent

Implements memory protection safeguards that mitigate arbitrary code execution resulting from the TCP/IP race condition exploitation.

References