Cyber Posture

CVE-2026-33827

High

Published: 14 April 2026

Published
14 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 23.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33827 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 23.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-4 (Information in Shared System Resources).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the race condition vulnerability by requiring identification, reporting, and timely correction of flaws in the Windows TCP/IP stack.

SC-4 Information in Shared System Resources partial match
prevent

Prevents unauthorized information transfer via shared system resources, addressing the improper synchronization in concurrent TCP/IP execution.

SI-16 Memory Protection partial match
prevent

Implements memory protection safeguards that mitigate arbitrary code execution resulting from the TCP/IP race condition exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

Race condition in Windows TCP/IP stack enables remote arbitrary code execution over the network with no authentication, directly mapping to exploitation of remote services for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Deeper analysisAI

CVE-2026-33827 is a race condition vulnerability (CWE-362) in the Windows TCP/IP stack, stemming from concurrent execution using a shared resource with improper synchronization. This flaw allows an unauthorized attacker to execute arbitrary code over a network. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability can be exploited by an unauthorized attacker with network access, requiring no privileges or user interaction but involving high attack complexity. Successful exploitation enables remote code execution, compromising confidentiality, integrity, and availability with high impact across affected systems.

Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827.

Details

CWE(s)
CWE-362

Affected Products

microsoft
windows 10 1607
≤ 10.0.14393.9060 · ≤ 10.0.14393.9060
microsoft
windows 10 1809
≤ 10.0.17763.8644 · ≤ 10.0.17763.8644
microsoft
windows 10 21h2
≤ 10.0.19044.7184 · ≤ 10.0.19044.7184 · ≤ 10.0.19044.7184
microsoft
windows 10 22h2
≤ 10.0.19045.7184 · ≤ 10.0.19045.7184 · ≤ 10.0.19045.7184
microsoft
windows 11 23h2
≤ 10.0.22631.6936 · ≤ 10.0.22631.6936
microsoft
windows 11 24h2
≤ 10.0.26100.8246 · ≤ 10.0.26100.8246
microsoft
windows 11 25h2
≤ 10.0.26200.8246 · ≤ 10.0.26200.8246
microsoft
windows 11 26h1
≤ 10.0.28000.1836 · ≤ 10.0.28000.1836
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.9060
+4 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-32164Same product: Microsoft Windows 10 1607
CVE-2026-20926Same product: Microsoft Windows 10 1607
CVE-2026-20919Same product: Microsoft Windows 10 1607
CVE-2026-33824Same product: Microsoft Windows 10 1607
CVE-2026-20848Same product: Microsoft Windows 10 1607
CVE-2026-21231Same product: Microsoft Windows 10 1607
CVE-2026-20934Same product: Microsoft Windows 10 1607
CVE-2025-21376Same product: Microsoft Windows 10 1607
CVE-2026-20921Same product: Microsoft Windows 10 1607
CVE-2026-20826Same product: Microsoft Windows 10 1607

References