CVE-2026-20833

MEDIUM

Windows Server 2008 and later - Information Disclosure via Broken Cryptographic Algorithm in Kerberos

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-20833. PoCs published by v-jfanca.

AI-analyzed exploit summary This repository provides comprehensive technical documentation and operational guidance for detecting and remediating RC4 usage in Kerberos authentication, as part of Microsoft's security changes for CVE-2026-20833. It includes PowerShell scripts, Power BI dashboards, and detailed analysis of Kerberos encryption usage.

Description

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.

Exploits (1)

nomisec WRITEUP

by v-jfanca · poc

https://github.com/v-jfanca/cve-2026-20833-rc4-kerberos

View Code ZIP pw:eip

This repository provides comprehensive technical documentation and operational guidance for detecting and remediating RC4 usage in Kerberos authentication, as part of Microsoft's security changes for CVE-2026-20833. It includes PowerShell scripts, Power BI dashboards, and detailed analysis of Kerberos encryption usage.

Classification

Writeup 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Active Directory Kerberos

No auth needed

Prerequisites: Access to Domain Controller event logs · PowerShell execution rights · Power BI for dashboard visualization

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 15, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20833

Scores

CVSS v3 5.5

EPSS 0.0036

EPSS Percentile 28.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-327

Status published

Products (25)

Microsoft/Windows Server 2008 R2 Service Pack 1 6.1.7601.0 - 6.1.7601.28117

Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation) 6.1.7601.0 - 6.1.7601.28117

Microsoft/Windows Server 2008 Service Pack 2 6.0.6003.0 - 6.0.6003.23717

Microsoft/Windows Server 2008 Service Pack 2 (Server Core installation) 6.0.6003.0 - 6.0.6003.23717

Microsoft/Windows Server 2012 6.2.9200.0 - 6.2.9200.25868

Microsoft/Windows Server 2012 (Server Core installation) 6.2.9200.0 - 6.2.9200.25868

Microsoft/Windows Server 2012 R2 6.3.9600.0 - 6.3.9600.22968

Microsoft/Windows Server 2012 R2 (Server Core installation) 6.3.9600.0 - 6.3.9600.22968

Microsoft/Windows Server 2016 10.0.14393.0 - 10.0.14393.8783

Microsoft/Windows Server 2016 (Server Core installation) 10.0.14393.0 - 10.0.14393.8783

... and 15 more

Published Jan 13, 2026

Tracked Since Feb 18, 2026