Unauthorized Code Execution in Windows Active Directory

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.0

Unauthorized Code Execution in Windows Active Directory

CVE-2026-33826

Summary

An attacker on a connected network can run malicious code on a Windows Active Directory server if they send a specially crafted request. This could allow them to access sensitive data or disrupt the directory service. IT should update Windows to the latest patches to mitigate this risk.

Original title

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

Original description

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

nvd CVSS3.1 8.0

Vulnerability type

CWE-20 Improper Input Validation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026