Microsoft
Windows Server
Microsoft server operating system for on-premises and hybrid workloads.
2026-04 B (14393.9060)
- Release date
- April 14, 2026
- CVE status
- 25 visible CVEs
Source
Vendor Release Information
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 2026-04 B (14393.9060) | 2026-04-14 | Release Notes |
| 2026-03 B (14393.8957) | 2026-03-10 | Release Notes |
Vulnerability tracking
Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2026-33827 | HIGH (8.1) | 2026-04-14 | Current versionnot affected | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Affected versions
|
| CVE-2026-33826 | HIGH (8.0) | 2026-04-14 | Current versionnot affected | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. Affected versions
|
| CVE-2026-33824 | CRITICAL (9.8) | 2026-04-14 | Current versionnot affected | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. Affected versions
|
| CVE-2026-33104 | HIGH (7.0) | 2026-04-14 | Current versionnot affected | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33100 | HIGH (7.0) | 2026-04-14 | Current versionnot affected | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33099 | HIGH (7.0) | 2026-04-14 | Current versionnot affected | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33098 | HIGH (7.8) | 2026-04-14 | Current versionnot affected | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-32225 | HIGH (8.8) | 2026-04-14 | Current versionnot affected | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Affected versions
|
| CVE-2026-26128 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-26111 | HIGH (8.0) | 2026-03-10 | Current versionnot affected | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Affected versions
|
| CVE-2026-25190 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-25188 | HIGH (8.8) | 2026-03-10 | Current versionnot affected | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. Affected versions
|
| CVE-2026-25187 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25181 | HIGH (7.5) | 2026-03-10 | Current versionnot affected | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. Affected versions
|
| CVE-2026-25179 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25178 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25177 | HIGH (8.8) | 2026-03-10 | Current versionnot affected | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. Affected versions
|
| CVE-2026-25176 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25175 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25174 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25173 | HIGH (8.0) | 2026-03-10 | Current versionnot affected | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Affected versions
|
| CVE-2026-25172 | HIGH (8.0) | 2026-03-10 | Current versionnot affected | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Affected versions
|
| CVE-2026-25171 | HIGH (7.0) | 2026-03-10 | Current versionnot affected | Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-25166 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. Affected versions
|
| CVE-2026-25165 | HIGH (7.8) | 2026-03-10 | Current versionnot affected | Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. Affected versions
|