CVE-2026-33829

MEDIUM

Windows Snipping Tool Spoofing Vulnerability

Title source: cna

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Exploits (1)

github NO CODE 1 stars

by Hex0rc1st · pythonpoc

https://github.com/Hex0rc1st/CVE_POC_monitor/tree/main/article/uploads/demo_1776332963/【已复现】Windows 截图工具 NTLM 信息泄露漏洞(CVE-2026-33829)安全风险通告

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33829

[Exploit, Third Party Advisory] https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2026-33829

Scores

CVSS v3 4.3

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (37)

microsoft/windows_10_1607 < 10.0.14393.9060 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.8644 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.7184 (3 CPE variants)

microsoft/windows_10_22h2 < 10.0.19045.7184 (3 CPE variants)

Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.9060

Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.8644

Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.7184

Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.7184

microsoft/windows_11_23h2 < 10.0.22631.6936 (2 CPE variants)

microsoft/windows_11_24h2 < 10.0.26100.8246 (2 CPE variants)

... and 27 more

Published Apr 14, 2026

Tracked Since Apr 14, 2026