CVE-2026-33824

critical

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824

https://www.zerodayinitiative.com/blog/2026/4/22/cve-2026-33824-remote-code-execution-in-windows-ikev2

https://www.infosecurity-magazine.com/news/microsoft-two-zerodays-april-patch/

https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html

https://securityaffairs.com/190831/security/microsoft-patch-tuesday-for-april-2026-fixed-actively-exploited-sharepoint-zero-day.html

https://cyberscoop.com/microsoft-patch-tuesday-april-2026/

https://www.tenable.com/blog/microsofts-april-2026-patch-tuesday-addresses-163-cves-cve-2026-32201

Details

Source: Mitre, NVD

Published: 2026-04-14

Updated: 2026-04-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00067