Windows IKE Extension Double Free Vulnerability Allows Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Windows IKE Extension Double Free Vulnerability Allows Remote Code Execution

CVE-2026-33824

Summary

An attacker can exploit a flaw in the Windows IKE Extension to run malicious code on a network-connected computer. This can happen if an attacker sends a specially crafted packet to the vulnerable system. To protect your network, ensure you have the latest Windows updates installed.

Original title

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Original description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

nvd CVSS3.1 9.8

Vulnerability type

CWE-415

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026