CVE-2026-33829

MEDIUM

Windows Snipping Tool Spoofing Vulnerability

Title source: cna

Exploitation Summary

EIP tracks 7 public exploits for CVE-2026-33829. PoCs published by nu11secur1ty, Hex0rc1st, jenniferreire26.

AI-analyzed exploit summary: The provided content describes a vulnerability in Windows Snipping Tool (CVE-2026-33829) but lacks actual exploit code. It directs users to external sources (Patreon, GitHub) for the exploit, which is a common tactic in suspicious repositories.

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Exploits (7)

exploitdb SUSPICIOUS
by nu11secur1ty · text · local · windows
https://www.exploit-db.com/exploits/52567

The provided content describes a vulnerability in Windows Snipping Tool (CVE-2026-33829) but lacks actual exploit code. It directs users to external sources (Patreon, GitHub) for the exploit, which is a common tactic in suspicious repositories.

Classification: Suspicious 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: Windows Snipping Tool (Windows 10, 11, Server 2012-2025)
No auth needed
Prerequisites: attacker-controlled SMB server · victim interaction (clicking a malicious link)
devstral-2 · analyzed May 16, 2026

github SUSPICIOUS
by jenniferreire26 · poc
https://github.com/jenniferreire26/CVE-2026-33829

The repository lacks actual exploit code and instead directs users to an external download link (tinyurl.com). The README provides generic details about the vulnerability but no technical depth or functional PoC.

Classification: Suspicious 90%
Attack Type: Info Leak
Complexity: Theoretical
Reliability: Theoretical
Target: Microsoft Windows Snipping Tool
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Jun 09, 2026

github SCANNER
by seguridadentrerios · shell · poc
https://github.com/seguridadentrerios/CVE-2026-33829

The repository contains a Bash script that passively monitors for SMB connections from a Windows target after it interacts with a crafted 'search:' URI, indicating potential vulnerability to CVE-2026-33829. It does not exploit the vulnerability but detects potential exposure by logging SMB traffic.

Classification: Scanner 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Windows (unspecified version)
No auth needed
Prerequisites: Linux machine with tcpdump · Network connectivity to Windows target · Superuser privileges on Linux
devstral-2 · analyzed Jun 05, 2026

github SUSPICIOUS
by ByteWraith1 · poc
https://github.com/ByteWraith1/CVE-2026-33829

The repository claims to provide an exploit for CVE-2026-33829 but only contains a README with vague details and a link to an external download (tinyurl.com). No actual exploit code is present, and the README lacks technical depth.

Classification: Suspicious 90%
Attack Type: Info Leak
Complexity: Theoretical
Reliability: Theoretical
Target: Windows Snipping Tool
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Jun 05, 2026

github SUSPICIOUS
by tiffanykarihi23 · poc
https://github.com/tiffanykarihi23/CVE-2026-33829

The repository lacks actual exploit code and instead directs users to an external download link (tinyurl.com). The README provides minimal technical details about the vulnerability, focusing on generic usage instructions and affected versions without explaining the root cause or exploitation mechanics.

Classification: Suspicious 90%
Attack Type: Info Leak
Complexity: Theoretical
Reliability: Theoretical
Target: Microsoft Windows Snipping Tool (multiple versions)
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Jun 04, 2026

github WRITEUP
by rahultb-sec · poc
https://github.com/rahultb-sec/CVE-2026-33829-Writeup

This repository provides a detailed technical analysis of CVE-2026-33829, an NTLM coercion vulnerability in the Windows Snipping Tool. It includes root cause analysis, proof-of-concept HTML payload, and remediation steps, demonstrating how an attacker can leak Net-NTLMv2 hashes via a malicious URI scheme.

Classification: Writeup 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Windows Snipping Tool (ms-screensketch URI handler)
No auth needed
Prerequisites: Victim interaction (clicking a malicious link) · Attacker-controlled SMB server (e.g., Responder) · Unpatched Windows system
devstral-2 · analyzed May 21, 2026

References (2)

Core References
Vendor Advisory vendor-advisory patch
Windows Snipping Tool Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33829

Scores

CVSS v3: 4.3
EPSS: 0.0029
EPSS Percentile: 52.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-200
Status: published
Products (37)
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.9060
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.8644
Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.7184
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.7184
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.6936
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.32690
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.8246
Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.8246
Microsoft/Windows 11 version 26H1 10.0.28000.0 - 10.0.28000.1836
... and 27 more
Published: Apr 14, 2026
Tracked Since: Apr 14, 2026