Published on April 15, 2026

Windows Active Directory Flaw Opens Door to Malicious Code Execution


Severity

High

Detail

Microsoft has disclosed a high-severity vulnerability affecting Windows Active Directory, which could allow attackers to execute malicious code within enterprise environments.

Tracked as CVE-2026-33826, the flaw enables authenticated attackers to perform remote code execution over an adjacent network, posing significant risk to affected systems.

CVE ID | Summary | CVSS Score
CVE-2026-33826 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | 8.0 (High)

According to Microsoft, the vulnerability is caused by improper input validation (CWE-20) within Active Directory components.

The flaw carries a CVSS score of 8.0, indicating high impact across confidentiality, integrity, and availability.

Exploitation requires an authenticated attacker within the same network environment to send specially crafted Remote Procedure Call (RPC) requests to a vulnerable system. Attack complexity is low, and the attack requires minimal privileges and no user interaction.

Successful exploitation allows remote code execution with elevated system-level privileges, potentially leading to full system compromise.

Although there is currently no confirmed exploitation in the wild, Microsoft has assessed this vulnerability as “Exploitation More Likely,” indicating a high probability of future exploit development.

Affected Products

The vulnerability impacts multiple Windows Server versions, including both standard and Server Core installations:

  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022 (including 23H2 Edition)
  • Windows Server 2025
  • Server Core installations (all supported versions)

Recommendation

Organizations should take the following actions to mitigate the risk associated with this vulnerability:

  • Apply the relevant Microsoft security updates released in April 2026 (e.g., KB5082063 for Windows Server 2025 and KB5082142 for Windows Server 2022)
  • Monitor network activity for unusual or suspicious RPC requests targeting Active Directory systems
  • Enforce strict access controls and auditing for domain users to reduce the risk of unauthorized access
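
To verify the first recommendation across a domain, the following added example (not code from Microsoft or from the advisory) checks each domain controller for the KB this page names for its OS version. It assumes the ActiveDirectory RSAT module and WinRM access to the controllers; the function names are hypothetical.

```powershell
# Added example. KB numbers are the two named in the advisory; other affected
# versions have no KB listed on this page and are reported as such.
$KbByOs = [ordered]@{
    'Windows Server 2025' = 'KB5082063'
    'Windows Server 2022' = 'KB5082142'
}

function Get-ExpectedKb {            # hypothetical helper name
    param([string]$Caption)
    foreach ($os in $KbByOs.Keys) {
        if ($Caption -like "*$os*") { return $KbByOs[$os] }
    }
    return $null
}

function Test-DcPatchState {         # hypothetical helper name
    param([Parameter(Mandatory)][string]$ComputerName)
    $session = $null
    $result = [ordered]@{ Computer = $ComputerName; OS = $null; ExpectedKb = $null; Status = $null }
    try {
        $session = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
        $result.OS = (Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem).Caption
        $result.ExpectedKb = Get-ExpectedKb -Caption $result.OS
        if (-not $result.ExpectedKb) {
            $result.Status = 'No KB listed in advisory for this OS; check the MSRC guide'
        } else {
            $filter = "HotFixID='$($result.ExpectedKb)'"
            $hit = Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering -Filter $filter
            # A missing KB id is not proof of exposure: a later cumulative update may include the fix.
            $result.Status = if ($hit) { 'Installed' } else { 'Not found; confirm no later cumulative update supersedes it' }
        }
    } catch {
        $result.Status = "Unreachable: $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$result
}

Import-Module ActiveDirectory
Get-ADDomainController -Filter * |
    ForEach-Object { Test-DcPatchState -ComputerName $_.HostName } |
    Sort-Object Status, Computer |
    Format-Table -AutoSize
```

Controllers reported as unreachable still need a manual check, since the script cannot tell whether they are patched.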

Source
https://gbhackers.com/windows-active-directory-flaw/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826