Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

Description

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10 Version 1607	10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows 11 version 22h3	mitre_affected	90%
microsoft	windows server 2022, 23h2 edition (server core installation)	mitre_affected	90%
microsoft	windows	mitre_affected	90%
microsoft	windows 10 version 22h2	mitre_affected	90%
microsoft	windows 11 version 23h2	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824(vendor-advisory, patch)

Related News (4 articles)

Tier C

Rapid7 Blog1h ago

Patch Tuesday - April 2026

→ No new info (linked only)

Tier C

Cisco Talos2h ago

Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

→ No new info (linked only)

Tier C

VulDB4h ago

CVE-2026-33824 | Microsoft Windows up to Server 2025 double free

→ No new info (linked only)

Tier A

Microsoft MSRC9h ago

CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

10.0.14393.906010.0.17763.864410.0.19044.718410.0.19045.718410.0.22631.693610.0.26100.3269010.0.26200.824610.0.28000.183610.0.20348.502010.0.25398.2274

CWECWE-415

PublishedApr 14, 2026

Last enriched5h agov2

Trending Score68

Source articles4

Independent4

Info Completeness9/14

Missing: title, epss, kev, iocs, mitre_attack