Windows Hyper-V Remote Code Execution Vulnerability

Plan PatchCVSS 7.8CVE-2026-26156Apr 14, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A heap-based buffer overflow vulnerability exists in Windows Hyper-V that allows an attacker with local access to execute arbitrary code at system level. The vulnerability affects Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 across all supported versions and architectures.

What this means

What could happen

An attacker with local access to a Windows machine could exploit a heap buffer overflow in Hyper-V to run arbitrary code with system privileges, potentially compromising virtual machines or the host system itself.

Who's at risk

IT managers running virtualized infrastructure on Windows Server 2016, 2019, 2022, or 2025, or on Windows 10 and 11 systems with Hyper-V enabled. This affects both standard and Server Core installations used in data centers and edge computing environments.

How it could be exploited

An attacker with local user access to a Windows system running Hyper-V would trigger the heap buffer overflow through a specially crafted Hyper-V operation or API call, allowing code execution at system level.

Prerequisites

Local access to the Windows system
User account on the machine (no elevated privileges initially required)
Hyper-V role installed and enabled

Local access requiredHeap buffer overflowAffects virtualization hostsAll Windows Server versions impacted

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (21)

21 with fix

ProductAffected VersionsFix Status

Windows 11 Version 26H1 for ARM64-based SystemsAll versionsBuild 10.0.28000.1836

Windows 11 version 26H1 for x64-based SystemsAll versionsBuild 10.0.28000.1836

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8644

Windows Server 2019All versionsBuild 10.0.17763.8644

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8644

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply Microsoft's April 2026 security update to your Windows systems and Windows Server instances running Hyper-V

CVEs (1)

CVE-2026-26156

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a4a8c43e-e1b5-4add-8b50-3772f97fc9e7

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.