VYPR
High severity7.0NVD Advisory· Published Apr 14, 2026· Updated Apr 17, 2026

CVE-2026-32224

CVE-2026-32224

Description

Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

Affected products

3
  • cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*+ 1 more
    • cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*range: <10.0.28000.1836
    • cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*range: <10.0.28000.1836

Patches

Vulnerability mechanics

References

1

News mentions

1