Cyber Resilience

CVE-2026-34332

High

Published: 12 May 2026

Published
12 May 2026
Modified
14 May 2026
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0006 19.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34332 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2025. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Use-after-free in kernel-mode drivers directly enables remote kernel code execution (T1210) leading to privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20854Same product: Microsoft Windows Server 2025
CVE-2025-21372Same product: Microsoft Windows Server 2025
CVE-2025-21315Same product: Microsoft Windows Server 2025
CVE-2026-20870Same product: Microsoft Windows Server 2025
CVE-2026-20859Same product: Microsoft Windows Server 2025
CVE-2026-23669Same product: Microsoft Windows Server 2025
CVE-2026-25167Same product: Microsoft Windows Server 2025
CVE-2026-33840Same product: Microsoft Windows Server 2025
CVE-2025-21379Same product: Microsoft Windows Server 2025
CVE-2026-33101Same product: Microsoft Windows Server 2025

Affected Assets

microsoft
windows server 2025
≤ 10.0.26100.32772

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-416

Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.

References