CVE-2026-26154EXPLOITEDPATCHED

Microsoft · Windows Server 2012

Windows Server Update Service (WSUS) Tampering Vulnerability

Description

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

Affected Products

Vendor	Product	Versions
Microsoft	Windows Server 2012	6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows server 2012 r2	mitre_affected	90%
microsoft	windows	mitre_affected	90%
microsoft	windows server 2019 (server core installation)	mitre_affected	90%
microsoft	windows server 2016 (server core installation)	mitre_affected	90%
microsoft	windows server 2012 (server core installation)	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26154(vendor-advisory, patch)

Related News (2 articles)

Tier C

VulDB5h ago

CVE-2026-26154 | Microsoft

→ No new info (linked only)

Tier A

Microsoft MSRC9h ago

CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

6.2.9200.260266.3.9600.2313210.0.14393.906010.0.17763.864410.0.20348.502010.0.25398.227410.0.26100.32690

CWECWE-20

PublishedApr 14, 2026

Last enriched6h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-32201EXPKEV

Microsoft SharePoint Server Spoofing Vulnerability

Trending: 150

HIGHCVE-2026-26171EXP

.NET Denial of Service Vulnerability

Trending: 70

CRITICALCVE-2026-33824EXP

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

Trending: 68

HIGHCVE-2026-32071EXP

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Trending: 67

HIGHCVE-2026-32075EXP

Windows UPnP Device Host Elevation of Privilege Vulnerability

Trending: 66

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: description, exploitAvailable, activelyExploited, tags

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Exploit Available

Apr 14, 2026

Patch Available

Apr 14, 2026

Version History

Last enriched 6h ago

v2Tier A6h ago

Added a detailed description of the vulnerability, marked it as actively exploited, and included new tags related to WSUS and tampering.

descriptionexploitAvailableactivelyExploitedtags

via Microsoft MSRC

v16h ago

Initial creation

Vendor

Product

Versions

Microsoft

Windows Server 2012

6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor

Product

Source

Confidence

microsoft

windows server 2012 r2

mitre_affected

90%

microsoft

windows

mitre_affected

90%

microsoft

windows server 2019 (server core installation)

mitre_affected

90%

microsoft

windows server 2016 (server core installation)

mitre_affected

90%

microsoft

windows server 2012 (server core installation)

mitre_affected

90%