Windows Hyper-V Input Validation Flaw Allows Local Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.3

Windows Hyper-V Input Validation Flaw Allows Local Code Execution

CVE-2026-32149

Summary

An attacker with authorized access to a Windows system with Hyper-V enabled can exploit a flaw in input validation to execute malicious code locally, potentially leading to unauthorized actions. This affects systems with Hyper-V installed and could allow an attacker to take control of the system. To protect against this, ensure all input is properly validated and consider updating to the latest Windows and Hyper-V versions.

Original title

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

Original description

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

nvd CVSS3.1 7.3

Vulnerability type

CWE-20 Improper Input Validation

CWE-122 Heap-based Buffer Overflow

CWE-191

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32149

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026