High severity7.5NVD Advisory· Published Apr 14, 2026· Updated Apr 24, 2026

CVE-2026-26154

Description

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

Microsoft/Windows Server 20122 versions
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft/Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Range: <10.0.14393.9060
Microsoft/Windows Server 2019
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Range: <10.0.17763.8644
Microsoft/Windows Server 2022
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Range: <10.0.20348.5020
Microsoft/Windows Server 2022 23h2
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Range: <10.0.25398.2274
Microsoft/Windows Server 2025
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Range: <10.0.26100.32690

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.