# CVE-2026-23666

> Windows TCP/IP IPv6 remote code execution vulnerability caused by an integer overflow in IPv6 fragment reassembly. Reachable from any adjacent network and rated wormable by Microsoft MSRC, allowing unauthenticated attackers to achieve code execution via crafted IPv6 packets.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 0.2%
- **CWE:** CWE-190

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-23666
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp