Windows Server Update Service Tampering Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Windows Server Update Service Tampering Vulnerability

CVE-2026-26154

Summary

The Windows Server Update Service has a flaw that allows a hacker to manipulate data sent over a network. This could allow an attacker to disrupt the update process or introduce malicious code. You should check for and apply the latest updates to protect your system.

Original title

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

Original description

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

nvd CVSS3.1 7.5

Vulnerability type

CWE-20 Improper Input Validation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026