{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-000023da91cb","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33827","cveTitle":"Windows TCP/IP Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33827","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33827","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p>\n","ordinal":10000},{"title":"Windows TCP/IP Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"title":"FAQ-Exploit-IPV6","articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33827","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0b4052c6-e731-f111-93fa-000d3afbc7d7"}]}