CVE-2026-27912 HIGH

CVE-2026-27912: Windows Kerberos Elevation of Privilege Vulnerability

Vendor Microsoft
Product Windows Server 2012
Weakness CWE-285
Published April 14, 2026
Last update June 1, 2026
View on NVD All CVEs

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
June 1, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-38231 Windows Remote Desktop Licensing Service Denial of Service Vulnerability CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability CVE-2021-42332 ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-3 CVE-2026-48810 FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check