Windows HTTP.sys Denial-of-Service Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Windows HTTP.sys Denial-of-Service Vulnerability

CVE-2026-33096

Summary

An attacker can crash Windows HTTP.sys, disrupting network services. This affects Windows systems with HTTP.sys enabled. Patch your Windows systems to prevent potential service disruptions.

Original title

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

Original description

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

nvd CVSS3.1 7.5

Vulnerability type

CWE-125 Out-of-bounds Read

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33096

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026