CWE-822
Untrusted Pointer Dereference
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
CVE-2026-26112 (GCVE-0-2026-26112)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:05 – Updated: 2026-04-14 16:36
VLAI
Title
Microsoft Excel Remote Code Execution Vulnerability
Summary
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Excel 2016 |
Affected:
16.0.0.0 , < 16.0.5543.1000
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.107.26030819
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2024 |
Affected:
16.0.0 , < 16.107.26030819
(custom)
|
|
| Microsoft | Office Online Server |
Affected:
16.0.0.0 , < 16.0.10417.20102
(custom)
|
Date Public
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:48.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5543.1000",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.107.26030819",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.107.26030819",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Office Online Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20102",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
"versionEndExcluding": "16.0.10417.20102",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.107.26030819",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.107.26030819",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "16.0.5543.1000",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:36:07.640Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Excel Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26112"
}
],
"title": "Microsoft Excel Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26112",
"datePublished": "2026-03-10T17:05:03.510Z",
"dateReserved": "2026-02-11T15:52:13.910Z",
"dateUpdated": "2026-04-14T16:36:07.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26113 (GCVE-0-2026-26113)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:05 – Updated: 2026-04-14 16:36
VLAI
Title
Microsoft Office Remote Code Execution Vulnerability
Summary
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office 2016 |
Affected:
16.0.0 , < 16.0.5543.1000
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.107.26030819
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2024 |
Affected:
16.0.0 , < 16.107.26030819
(custom)
|
|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Affected:
16.0.0 , < 16.0.5543.1000
(custom)
|
|
| Microsoft | Microsoft SharePoint Server 2019 |
Affected:
16.0.0 , < 16.0.10417.20102
(custom)
|
|
| Microsoft | Microsoft SharePoint Server Subscription Edition |
Affected:
16.0.0 , < 16.0.19725.20076
(custom)
|
Date Public
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:41.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5543.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.107.26030819",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.107.26030819",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5543.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20102",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20076",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5543.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.19725.20076",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20102",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.107.26030819",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.107.26030819",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "16.0.5543.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:36:08.605Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Office Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
}
],
"title": "Microsoft Office Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26113",
"datePublished": "2026-03-10T17:05:04.093Z",
"dateReserved": "2026-02-11T15:52:13.910Z",
"dateUpdated": "2026-04-14T16:36:08.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26161 (GCVE-0-2026-26161)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-05-12 17:37
VLAI
Title
Windows Sensor Data Service Elevation of Privilege Vulnerability
Summary
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.7184
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.7184
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.8246
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.8246
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1836
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.5020
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.2274
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:07.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7184",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7184",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8246",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8246",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1836",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.5020",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2274",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.5020",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7184",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7184",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8246",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2274",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8246",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1836",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:37:57.370Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Sensor Data Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26161"
}
],
"title": "Windows Sensor Data Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26161",
"datePublished": "2026-04-14T16:57:01.363Z",
"dateReserved": "2026-02-11T18:33:57.775Z",
"dateUpdated": "2026-05-12T17:37:57.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27919 (GCVE-0-2026-27919)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-05-12 17:38
VLAI
Title
Windows UPnP Device Host Elevation of Privilege Vulnerability
Summary
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.7184
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.7184
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.8246
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.8246
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1836
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.26026
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.26026
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.23132
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.23132
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.5020
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.2274
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:55:35.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7184",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7184",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8246",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8246",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1836",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.26026",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.26026",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23132",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23132",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.5020",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2274",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.5020",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7184",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7184",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8246",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2274",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8246",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.26026",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.26026",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23132",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23132",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1836",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:38:09.798Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows UPnP Device Host Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27919"
}
],
"title": "Windows UPnP Device Host Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-27919",
"datePublished": "2026-04-14T16:57:13.307Z",
"dateReserved": "2026-02-24T21:35:49.687Z",
"dateUpdated": "2026-05-12T17:38:09.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27920 (GCVE-0-2026-27920)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-05-12 17:39
VLAI
Title
Windows UPnP Device Host Elevation of Privilege Vulnerability
Summary
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.7184
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.7184
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.8246
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.8246
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1836
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.26026
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.26026
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.23132
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.23132
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.5020
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.2274
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:55:41.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7184",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7184",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8246",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8246",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1836",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.26026",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.26026",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23132",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23132",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.5020",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2274",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1836",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.5020",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7184",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7184",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8246",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2274",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8246",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.26026",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.26026",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23132",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23132",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:39:06.320Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows UPnP Device Host Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27920"
}
],
"title": "Windows UPnP Device Host Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-27920",
"datePublished": "2026-04-14T16:58:10.717Z",
"dateReserved": "2026-02-24T21:35:49.687Z",
"dateUpdated": "2026-05-12T17:39:06.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32077 (GCVE-0-2026-32077)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-05-26 17:56
VLAI
Title
Windows UPnP Device Host Elevation of Privilege Vulnerability
Summary
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.7184
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.7184
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6936
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.8246
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.8246
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1836
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.26026
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.26026
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.23132
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.23132
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.9060
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.8644
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.5020
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.2274
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T03:55:40.735755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T09:13:14.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-26T17:56:59.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2026-32077-detection-script-elevation-of-privilege-vulnerability-affecting-windows-upnp"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2026-32077-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-upnp"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7184",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7184",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6936",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8246",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8246",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1836",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.26026",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.26026",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23132",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23132",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.9060",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8644",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.5020",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2274",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1836",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8644",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.5020",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7184",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7184",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8246",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6936",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2274",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8246",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.9060",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.26026",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.26026",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23132",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23132",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:39:14.659Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows UPnP Device Host Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32077"
}
],
"title": "Windows UPnP Device Host Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-32077",
"datePublished": "2026-04-14T16:58:20.124Z",
"dateReserved": "2026-03-10T22:02:18.666Z",
"dateUpdated": "2026-05-26T17:56:59.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32222 (GCVE-0-2026-32222)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-05-26 19:21
VLAI
Title
Windows Win32k Elevation of Privilege Vulnerability
Summary
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.8246
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.8246
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1836
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.32690
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T03:55:28.439732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T19:21:53.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8246",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8246",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1836",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32690",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1836",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8246",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8246",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32690",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:38:37.727Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Win32k Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32222"
}
],
"title": "Windows Win32k Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-32222",
"datePublished": "2026-04-14T16:57:42.408Z",
"dateReserved": "2026-03-11T01:49:58.662Z",
"dateUpdated": "2026-05-26T19:21:53.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33114 (GCVE-0-2026-33114)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-05-12 17:39
VLAI
Title
Microsoft Word Remote Code Execution Vulnerability
Summary
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.108.26041219
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2024 |
Affected:
16.0.0 , < 16.108.26041219
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:56:53.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.108.26041219",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.108.26041219",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.108.26041219",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.108.26041219",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:39:41.827Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Word Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33114"
}
],
"title": "Microsoft Word Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-33114",
"datePublished": "2026-04-14T16:58:43.560Z",
"dateReserved": "2026-03-17T20:15:23.720Z",
"dateUpdated": "2026-05-12T17:39:41.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33120 (GCVE-0-2026-33120)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-05-12 17:38
VLAI
Title
Microsoft SQL Server Remote Code Execution Vulnerability
Summary
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1175.1
(custom)
|
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:57:04.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1175.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1175.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:38:42.475Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120"
}
],
"title": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-33120",
"datePublished": "2026-04-14T16:57:48.207Z",
"dateReserved": "2026-03-17T20:15:23.721Z",
"dateUpdated": "2026-05-12T17:38:42.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40367 (GCVE-0-2026-40367)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-05-26 16:56
VLAI
Title
Microsoft Word Remote Code Execution Vulnerability
Summary
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.109.26051019
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2024 |
Affected:
16.0.0 , < 16.109.26051019
(custom)
|
|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Affected:
16.0.0 , < 16.0.5552.1002
(custom)
|
|
| Microsoft | Microsoft SharePoint Server 2019 |
Affected:
16.0.0 , < 16.0.10417.20128
(custom)
|
|
| Microsoft | Microsoft SharePoint Server Subscription Edition |
Affected:
16.0.0 , < 16.0.19725.20280
(custom)
|
|
| Microsoft | Microsoft Word 2016 |
Affected:
16.0.1 , < 16.0.5552.1000
(custom)
|
Date Public
2026-05-12 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T03:57:29.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.109.26051019",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.109.26051019",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5552.1002",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20128",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20280",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Word 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5552.1000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5552.1002",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20128",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.109.26051019",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.19725.20280",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.109.26051019",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5552.1000",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:56:55.625Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Word Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367"
}
],
"title": "Microsoft Word Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-40367",
"datePublished": "2026-05-12T16:59:20.388Z",
"dateReserved": "2026-04-11T23:06:15.614Z",
"dateUpdated": "2026-05-26T16:56:55.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.