Microsoft
Windows 11
Microsoft desktop operating system for PCs.
2026-04 B (26200.8246)
- Release date
- April 14, 2026
- CVE status
- 25 visible CVEs
Source
Vendor Release Information
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 2026-04 B (26200.8246) | 2026-04-14 | Release Notes |
| 2026-03 OOB (26200.8117) | 2026-03-31 | Release Notes |
| 2026-03 D (26200.8116) | 2026-03-26 | Release Notes |
| 2026-03 B (26200.8037) | 2026-03-10 | Release Notes |
Vulnerability tracking
Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2026-33827 | HIGH (8.1) | 2026-04-14 | Current versionnot affected | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Affected versions
|
| CVE-2026-33824 | CRITICAL (9.8) | 2026-04-14 | Current versionnot affected | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. Affected versions
|
| CVE-2026-33104 | HIGH (7.0) | 2026-04-14 | Current versionnot affected | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33101 | HIGH (7.8) | 2026-04-14 | Current versionnot affected | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33100 | HIGH (7.0) | 2026-04-14 | Current versionnot affected | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33099 | HIGH (7.0) | 2026-04-14 | Current versionnot affected | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33098 | HIGH (7.8) | 2026-04-14 | Current versionnot affected | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33096 | HIGH (7.5) | 2026-04-14 | Current versionnot affected | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. Affected versions
|
| CVE-2026-32225 | HIGH (8.8) | 2026-04-14 | Current versionnot affected | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Affected versions
|
| CVE-2026-32222 | HIGH (7.8) | 2026-04-14 | Current versionnot affected | Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-32221 | HIGH (8.4) | 2026-04-14 | Current versionnot affected | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-26132 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-26128 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25190 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-25188 | HIGH (8.8) | 2026-03-10 | Current versionnot affected | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. Affected versions
|
| CVE-2026-25187 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25181 | HIGH (7.5) | 2026-03-10 | Current versionnot affected | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. Affected versions
|
| CVE-2026-25179 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25178 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25177 | HIGH (8.8) | 2026-03-10 | Current versionnot affected | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. Affected versions
|
| CVE-2026-25176 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25174 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25173 | HIGH (8.0) | 2026-03-10 | Current versionnot affected | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Affected versions
|
| CVE-2026-25171 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25170 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Affected versions
|