# CVE-2026-33826

> A stack-based buffer overflow in the Windows IKE Extensions service (IKEEXT) allows an unauthenticated remote attacker to achieve code execution by sending a malformed IKE_SA_INIT packet. The vulnerability is in the IKEv2 negotiation parser and requires no user interaction or authentication. The network-adjacent attack vector and lack of required privileges make this a critical-severity issue with potential for wormable exploitation across enterprise VPN and IPsec infrastructure.

- **CVSS:** 9.1 (CRITICAL)
- **EPSS:** 1.1%
- **CWE:** CWE-121

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-33826
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp