CVE-2026-33824

CRITICAL

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

Title source: cna

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Exploits (2)

nomisec WRITEUP
by kaleth4 · poc
https://github.com/kaleth4/CVE-2026-33824
nomisec SUSPICIOUS
by z3r0h3ro · poc
https://github.com/z3r0h3ro/CVE-2026-33824

References (1)

Scores

CVSS v3 9.8
EPSS 0.0010
EPSS Percentile 26.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-415
Status published
Products (31)
microsoft/windows_10_1607 < 10.0.14393.9060 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.8644 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.7184 (3 CPE variants)
microsoft/windows_10_22h2 < 10.0.19045.7184 (3 CPE variants)
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.9060
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.8644
Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.7184
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.7184
microsoft/windows_11_23h2 < 10.0.22631.6936 (2 CPE variants)
microsoft/windows_11_24h2 < 10.0.26100.8246 (2 CPE variants)
... and 21 more
Published Apr 14, 2026
Tracked Since Apr 14, 2026