Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Windows ikeext.dll double-free RCE (CVE-2026-33824)

Vulnerability
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2026-33824 is a double-free flaw in Windows ikeext.dll that can let an unauthenticated attacker trigger remote code execution on systems with IKEv2 enabled. The bug was identified in the context of Patch Tuesday fixes, indicating the affected Windows code had already been patched when it was validated. Because exploitation can ride on specially crafted packets, exposed hosts face a high-risk network attack path until they are updated.

Related Happenings

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

Open Happening

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Open Happening

Windows RPC PhantomRPC local privilege escalation flaw

Vulnerability
First: 28.04.2026 14:31 Last: 28.04.2026 14:31 Sources 1

About this happening: **PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...

Open Happening

Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)

Vulnerability
First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...

Open Happening

SolarWinds Web Help Desk (WHD) multi-stage exploitation wave

Exploitation Wave
First: 09.02.2026 16:42 Last: 09.02.2026 16:42 Sources 1

About this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...

Latest development: 10.03.2026 08:17

CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.

Open Happening

Timeline

  1. 13.05.2026 16:46 2 articles · 14d ago

    Microsoft discloses CVE-2026-33824 in Windows ikeext.dll

    Initial Disclosure

    Microsoft disclosed CVE-2026-33824, a CVSS 9.8 double-free vulnerability in Windows ikeext.dll that can let an unauthenticated attacker send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled and achieve remote code execution; the flaw was among Windows networking and authentication issues fixed in the May 2026 Patch Tuesday release.

    Show sources
    Open in new tab