PT-2026-32885 · Microsoft · Active Directory+1
Aniq Fakhrul · Published 2026-04-14 · Updated 2026-05-10 · CVE-2026-33826
CVSS v3.1: 8.0 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows Active Directory versions prior to April 2026 Patch Tuesday
Description
Improper input validation in Windows Active Directory allows an authorized attacker to execute arbitrary code over an adjacent network. An authenticated attacker can run malicious code by sending specially crafted RPC (Remote Procedure Call) calls. RPC is a protocol that lets a program request a service from a program located on another computer on a network.
Recommendations
Update to the version provided in the April 2026 Patch Tuesday.
Lock down Domain Controller RPC reachability.
Implement network segmentation.
Monitor RPC traffic.
Fix
DoS
RCE
Affected Products
Active Directory
Windows