Improper Authorization in Windows Kerberos Enables Privilege Elevation
CVE-2026-27912

8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Server 2012; Windows Server 2012 (server Core Installation); Windows Server 2012 R2; Windows Server 2012 R2 (server Core Installation)
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27912?

The privilege escalation vulnerability in Windows Kerberos arises from improper authorization, allowing an authorized attacker to exploit this flaw and potentially gain elevated privileges within an adjacent network. This security loophole necessitates immediate attention to safeguard systems against potential unauthorized access and control.

Affected Version(s)

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.26026

Windows Server 2012 R2 (Server Core installation) x64-based Systems 6.3.9600.0 < 6.3.9600.23132

Windows Server 2012 R2 x64-based Systems 6.3.9600.0 < 6.3.9600.23132

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 24, 2026

CVE-2026-27912 Data

JSON

Microsoft

What is CVE-2026-27912?

Affected Version(s)

References

CVSS V3.1

Timeline