CVE-2026-32157
CVE-2026-32157 is a critical remote code execution vulnerability in Microsoft Active Directory Domain Services (AD DS), disclosed in the April 2026 Patch Tuesday release, which addresses 167 vulnerabilities. An authenticated attacker with low privileges can write arbitrary LDAP attributes, leading to code execution on a domain controller (CVSS 9.0). This vulnerability is part of a massive patch release that also includes two zero-days (CVE-2026-32201, a SharePoint spoofing flaw that is actively exploited, and CVE-2026-33825, a publicly disclosed Defender elevation-of-privilege flaw), a wormable Windows TCP/IP IPv6 RCE (CVE-2026-23666, CVSS 9.8), and six additional Critical RCE flaws across Word, .NET, Remote Desktop, IKE Extensions, Office/Outlook, and SharePoint Server. The AD DS vulnerability is particularly dangerous in enterprise environments because it enables direct compromise of domain controllers from any authenticated domain user.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Weaknesses (CWE)
CWE-20