Threat Advisory

Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-33826 (CVSS score 8.0) is a critical vulnerability in Windows Active Directory that allows attackers to execute malicious code. It originates from improper input validation (CWE-20): the Active Directory infrastructure fails to properly validate Remote Procedure Call (RPC) input. An attacker can exploit the flaw by sending a specially crafted RPC request to an affected RPC host, triggering remote code execution on the server with the same permissions as the RPC service. With that capability the attacker can manipulate Active Directory services, alter configurations, or compromise domain security. The business impact of exploitation is significant, since an attacker with this level of access can potentially disrupt the entire identity and access management infrastructure of an enterprise network. The attack vector is "Adjacent" (AV:A): the attacker must be authenticated and already have a presence within the same restricted Active Directory domain as the target system, which significantly limits the attack's scope.

RECOMMENDATION:

We recommend applying the following updates: KB5082126 for Windows Server 2012 R2, KB5082198 for Windows Server 2016, KB5082123 for Windows Server 2019, KB5082142 and KB5082060 for Windows Server 2022 (including the 23H2 Edition), and KB5082063 for Windows Server 2025.
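To verify that the update listed above is actually present on every domain controller, the following added PowerShell check (not part of the advisory or of any Microsoft tooling) matches each DC's operating system family against the KB numbers from the recommendation and reports hosts that are still missing one. It assumes the ActiveDirectory module is available, that WinRM and DCOM/WMI access to each DC is allowed, and that the Win32_OperatingSystem Caption contains the "Windows Server <year>" family name; the function name Get-Cve202633826Status is hypothetical.

```powershell
Import-Module ActiveDirectory

# KB numbers are taken from the advisory's recommendation, keyed by the server
# family string found in the OS caption. Windows Server 2022 (including 23H2)
# is treated as patched when either of its two listed KBs is present; that
# reading of the list is an assumption of this script.
$RequiredKb = @{
    'Windows Server 2012 R2' = @('KB5082126')
    'Windows Server 2016'    = @('KB5082198')
    'Windows Server 2019'    = @('KB5082123')
    'Windows Server 2022'    = @('KB5082142', 'KB5082060')
    'Windows Server 2025'    = @('KB5082063')
}

function Get-Cve202633826Status {
    param([string[]]$ComputerName)
    foreach ($dc in $ComputerName) {
        try {
            $os = (Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $dc -ErrorAction Stop).Caption
            # Longest family name first so "2012 R2" is not mistaken for a plain "2012" build.
            $family = $RequiredKb.Keys | Sort-Object Length -Descending |
                      Where-Object { $os -like "*$_*" } | Select-Object -First 1
            if (-not $family) {
                [pscustomobject]@{ Computer = $dc; OS = $os; Status = 'UnknownFamily'; Missing = '' }
                continue
            }
            # Get-HotFix reads Win32_QuickFixEngineering on the remote host.
            $installed = Get-HotFix -ComputerName $dc -ErrorAction Stop |
                         Select-Object -ExpandProperty HotFixID
            $hits    = $RequiredKb[$family] | Where-Object { $installed -contains $_ }
            $status  = if ($hits) { 'Patched' } else { 'MISSING' }
            $missing = if ($hits) { '' } else { $RequiredKb[$family] -join '/' }
            [pscustomobject]@{ Computer = $dc; OS = $os; Status = $status; Missing = $missing }
        } catch {
            [pscustomobject]@{ Computer = $dc; OS = ''; Status = "Error: $($_.Exception.Message)"; Missing = '' }
        }
    }
}

# Every domain controller in the current domain: these are the hosts running the
# RPC services the advisory describes, so they are checked first.
$dcs = (Get-ADDomainController -Filter *).HostName
Get-Cve202633826Status -ComputerName $dcs | Format-Table -AutoSize
```

Get-HotFix only reflects what Win32_QuickFixEngineering has recorded, so treat a MISSING result as a prompt to confirm against the host's Windows Update history rather than as final proof.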

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/windows-active-directory-vulnerability/
