CVE-2026-32181

EUVD-2026-22563
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_21h2
𝑥
< 10.0.19044.7184
microsoftwindows_10_21h2
𝑥
< 10.0.19044.7184
microsoftwindows_10_21h2
𝑥
< 10.0.19044.7184
microsoftwindows_10_22h2
𝑥
< 10.0.19045.7184
microsoftwindows_10_22h2
𝑥
< 10.0.19045.7184
microsoftwindows_10_22h2
𝑥
< 10.0.19045.7184
microsoftwindows_11_23h2
𝑥
< 10.0.22631.6936
microsoftwindows_11_23h2
𝑥
< 10.0.22631.6936
microsoftwindows_11_24h2
𝑥
< 10.0.26100.8246
microsoftwindows_11_24h2
𝑥
< 10.0.26100.8246
microsoftwindows_11_25h2
𝑥
< 10.0.26200.8246
microsoftwindows_11_25h2
𝑥
< 10.0.26200.8246
microsoftwindows_11_26h1
𝑥
< 10.0.28000.1836
microsoftwindows_11_26h1
𝑥
< 10.0.28000.1836
microsoftwindows_server_2022
𝑥
< 10.0.20348.5020
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.2274
microsoftwindows_server_2025
𝑥
< 10.0.26100.32690
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
21H2 (arm64, x64, x86)
KB5082200
22H2 (arm64, x64, x86)
KB5082200
Windows 11
23H2 (arm64, x64)
KB5082052
24H2 (arm64, x64)
KB5083769
25H2 (arm64, x64)
KB5083769
26H1 (arm64, x64)
KB5083768
Windows Server 2022
23H2 Server Core
KB5082060
Server Core
KB5082142
Standard
KB5082142
Windows Server 2025
Server Core
KB5082063
Standard
KB5082063
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32181
https://www.vicarius.io/vsociety/posts/cve-2026-32181-detection-script-dos-vulnerability-in-windows-connected-user-experiences-and-telemetry-service
https://www.vicarius.io/vsociety/posts/cve-2026-32181-mitigation-script-dos-vulnerability-in-windows-connected-user-experiences-and-telemetry-service