High severity7.5NVD Advisory· Published Apr 14, 2026· Updated Apr 17, 2026

CVE-2026-33096

Description

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

Microsoft/Windows 11 23h22 versions
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*+ 1 more
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*range: <10.0.22631.6936
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*range: <10.0.22631.6936
Microsoft/Windows 11 24h22 versions
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*+ 1 more
- cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*range: <10.0.26100.8246
- cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*range: <10.0.26100.8246
Microsoft/Windows 11 25h22 versions
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*+ 1 more
- cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*range: <10.0.26200.8246
- cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*range: <10.0.26200.8246
Microsoft/Windows 11 26h12 versions
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*+ 1 more
- cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*range: <10.0.28000.1836
- cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*range: <10.0.28000.1836
Microsoft/Windows Server 2022
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Range: <10.0.20348.5020
Microsoft/Windows Server 2022 23h2
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Range: <10.0.25398.2274
Microsoft/Windows Server 2025
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Range: <10.0.26100.32690

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.