CVE-2026-33824

CRITICAL

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-33824. PoCs published by EpSiLoNPoInTOrI, kaleth4, z3r0h3ro.

AI-analyzed exploit summary This repository contains a functional exploit PoC targeting a double-free vulnerability in `ikeext.dll` (CVE-2026-33824) on Windows. The exploit includes advanced obfuscation techniques, heap grooming, and a reverse shell listener, demonstrating a complete IKEv2 exploitation chain.

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Exploits (3)

github WORKING POC
by EpSiLoNPoInTOrI · c++poc
https://github.com/EpSiLoNPoInTOrI/IKEV2-POC

This repository contains a functional exploit PoC targeting a double-free vulnerability in `ikeext.dll` (CVE-2026-33824) on Windows. The exploit includes advanced obfuscation techniques, heap grooming, and a reverse shell listener, demonstrating a complete IKEv2 exploitation chain.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Windows IKEv2 (ikeext.dll)
No auth needed
Prerequisites: Network access to target · IKEv2 service running on target
devstral-2 · analyzed May 18, 2026 Full analysis →
nomisec WRITEUP
by kaleth4 · poc
https://github.com/kaleth4/CVE-2026-33824

This repository provides a detailed technical analysis of CVE-2026-33824, a critical Double Free vulnerability in the Windows IKE protocol, including exploitation mechanics, remediation steps, and detection strategies.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: Windows IKE Service (svchost.exe)
No auth needed
Prerequisites: Network access to UDP ports 500/4500 · Unpatched Windows system
devstral-2 · analyzed Apr 22, 2026 Full analysis →
nomisec SUSPICIOUS
by z3r0h3ro · poc
https://github.com/z3r0h3ro/CVE-2026-33824

The repository claims to provide a remote code execution exploit for CVE-2026-33824, a Windows IKEv2 double-free vulnerability, but only includes a README with detailed usage instructions and no actual exploit code. Instead, it redirects users to an external download link (tinyurl.com/8htp9399), which is a common tactic for distributing malware or monetizing fake exploits.

Classification
Suspicious 95%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: Windows IKE Extension (IKEEXT) on Windows 10 1607–22H2, Windows 11 22H2–26H1, Server 2016–2025
No auth needed
Prerequisites: UDP/500-4500 access to target · root privileges on attacker machine for raw sockets
devstral-2 · analyzed Apr 17, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824

Scores

CVSS v3 9.8
EPSS 0.0006
EPSS Percentile 18.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-415
Status published
Products (31)
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.9060
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.8644
Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.7184
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.7184
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.32690
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.8246
Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.8246
Microsoft/Windows 11 version 26H1 10.0.28000.0 - 10.0.28000.1836
... and 21 more
Published Apr 14, 2026
Tracked Since Apr 14, 2026