CVE-2026-33096
high
Microsoft CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
EPSS Score
0.2%
Exploitation probability in 30 days
Top 62% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: April 14, 2026 (29 days ago)
Last Modified: April 24, 2026
Vendor: Microsoft
Source: MITRE
Vulnerability Report
Generated by CyberWatcher
Description
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CWE
CWE-125Affected Products
Microsoft Windows 11 version 22H3Microsoft Windows 11 Version 23H2Microsoft Windows 11 Version 24H2Microsoft Windows 11 Version 25H2Microsoft Windows 11 version 26H1Microsoft Windows Server 2022Microsoft Windows Server 2022, 23H2 Edition (Server Core installation)Microsoft Windows Server 2025Microsoft Windows Server 2025 (Server Core installation)