Windows Kerberos
by Microsoft
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27912 | | High | 0.52 | 8.0 | 0.00 | | Apr 14, 2026 | Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. |
| CVE-2026-47288 | | High | 0.46 | 7.1 | 0.01 | | Jun 9, 2026 | Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. |
| CVE-2026-42903 | | Medium | 0.42 | 6.5 | 0.01 | | Jun 9, 2026 | Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. |
| CVE-2026-42914 | | Medium | 0.34 | 5.3 | 0.01 | | Jun 9, 2026 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2022-33679 | | | 0.06 | — | 0.08 | | Sep 13, 2022 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-41053 | | | 0.02 | — | 0.02 | | Nov 9, 2022 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2020-17049 | | | 0.02 | — | 0.14 | | Nov 11, 2020 | A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could… |
| CVE-2024-20674 | | | 0.01 | — | 0.17 | | Jan 9, 2024 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2022-21920 | | | 0.01 | — | 0.03 | | Jan 11, 2022 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2025-53779 | | | 0.00 | — | 0.03 | | Aug 12, 2025 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-29809 | | | 0.00 | — | 0.04 | | Apr 8, 2025 | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. |
| CVE-2025-26647 | | | 0.00 | — | 0.02 | | Apr 8, 2025 | Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-21350 | | | 0.00 | — | 0.02 | | Feb 11, 2025 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21218 | | | 0.00 | — | 0.03 | | Jan 14, 2025 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-38129 | | | 0.00 | — | 0.01 | | Oct 8, 2024 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-21427 | | | 0.00 | — | 0.02 | | Mar 12, 2024 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2023-28244 | | | 0.00 | — | 0.03 | | Apr 11, 2023 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2023-21817 | | | 0.00 | — | 0.01 | | Feb 14, 2023 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-37967 | | | 0.00 | — | 0.04 | | Nov 9, 2022 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-33647 | | | 0.00 | — | 0.02 | | Sep 13, 2022 | Windows Kerberos Elevation of Privilege Vulnerability |
Page 1 of 2