CVE-2026-33826

HIGH

Windows Active Directory Remote Code Execution Vulnerability

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-33826. PoCs published by ZEROxYakuza.

AI-analyzed exploit summary: The repository contains a Python-based scanner that tests for potential RPC vulnerabilities, including buffer overflows in LSARPC, SAMR enumeration issues, and SRVSVC path canonicalization flaws. It does not include functional exploit code but performs detection tests for CVE-2026-33826.

Description

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

Exploits (1)

GitHub · SCANNER
by ZEROxYakuza · python · poc
https://github.com/ZEROxYakuza/CVE-2026-33826


Classification: Scanner 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Windows RPC services (LSARPC, SAMR, SRVSVC)
Auth required
Prerequisites: valid credentials for the target system · network access to RPC endpoints
devstral-2 · analyzed Apr 27, 2026

References (1)

Core References
Vendor Advisory vendor-advisory patch
Windows Active Directory Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826

Scores

CVSS v3 8.0
EPSS 0.0053
EPSS Percentile 40.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-20
Status: published
Products (16)
Microsoft/Windows Server 2012 R2 6.3.9600.0 - 6.3.9600.23132
Microsoft/Windows Server 2012 R2 (Server Core installation) 6.3.9600.0 - 6.3.9600.23132
Microsoft/Windows Server 2016 10.0.14393.0 - 10.0.14393.9060
Microsoft/Windows Server 2016 (Server Core installation) 10.0.14393.0 - 10.0.14393.9060
Microsoft/Windows Server 2019 10.0.17763.0 - 10.0.17763.8644
Microsoft/Windows Server 2019 (Server Core installation) 10.0.17763.0 - 10.0.17763.8644
Microsoft/Windows Server 2022 10.0.20348.0 - 10.0.20348.5020
Microsoft/Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.0 - 10.0.25398.2274
Microsoft/Windows Server 2025 10.0.26100.0 - 10.0.26100.32690
Microsoft/Windows Server 2025 (Server Core installation) 10.0.26100.0 - 10.0.26100.32690
... and 6 more
Published Apr 14, 2026
Tracked Since Apr 14, 2026