CVE-2026-32153 - Vulnerability Details

- Windows Speech Runtime Elevation of Privilege Vulnerability

Description

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

Published: 2026-04-14

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Use after free in the Windows Speech runtime allows a code path that leads to local privilege escalation. The flaw arises when an authorized user interacts with the speech subsystem, causing a use‑after‑free and memory corruption that can be abused to execute arbitrary code with SYSTEM privileges. This is categorized as CWE‑416 and involves race conditions (CWE‑362). The result is that a local attacker can gain elevated privileges on the affected machine, enabling them to install software, modify system settings, or compromise confidential data.

Affected Systems

The vulnerability touches Microsoft Windows 10 releases 1809, 21H2 and 22H2 as well as Windows 11 releases 23H2, 24H2, 25H2, 22H3 and 26H1. The affected architectures include x86, x86‑64 and ARM64 variants as listed in the CPE data.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, and while the EPSS score is not publicly available, the flaw requires a local user context to trigger. The vulnerability is not listed in CISA’s KEV catalog, implying no confirmed public exploit so far. Nonetheless, because an authorized local attacker can trigger the issue, the risk is significant if the system remains unpatched, especially in environments where privileged user accounts are available.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Microsoft

Windows 10 Version 1809

affected

Version	Status	Constraints
`10.0.17763.0`	affected	< 10.0.17763.8644

Microsoft

Windows 10 Version 21H2

affected

Version	Status	Constraints
`10.0.19044.0`	affected	< 10.0.19044.7184

Microsoft

Windows 10 Version 22H2

affected

Version	Status	Constraints
`10.0.19045.0`	affected	< 10.0.19045.7184

Microsoft

Windows 11 version 22H3

affected

Version	Status	Constraints
`10.0.22631.0`	affected	< 10.0.22631.6936

Microsoft

Windows 11 Version 23H2

affected

Version	Status	Constraints
`10.0.22631.0`	affected	< 10.0.22631.6936

Microsoft

Windows 11 Version 24H2

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.8246

Microsoft

Windows 11 Version 25H2

affected

Version	Status	Constraints
`10.0.26200.0`	affected	< 10.0.26200.8246

Microsoft

Windows 11 version 26H1

affected

Version	Status	Constraints
`10.0.28000.0`	affected	< 10.0.28000.1836

No data.

Vendor Product Confidence Versions

Microsoft

Windows 10 1809

86%

Version	Status	Scheme	Platform
`[10.0.17763.0,10.0.17763.8644)`	affected	generic	['32-bit_systems', 'x64-based_systems']

Microsoft

Windows 10 21h2

86%

Version	Status	Scheme	Platform
`[10.0.19044.0,10.0.19044.7184)`	affected	generic	['32-bit_systems', 'arm64-based_systems', 'x64-based_systems']

Microsoft

Windows 10 22h2

86%

Version	Status	Scheme	Platform
`[10.0.19045.0,10.0.19045.7184)`	affected	generic	['32-bit_systems', 'arm64-based_systems', 'x64-based_systems']

Microsoft

Windows 11 22h3

86%

Version	Status	Scheme	Platform
`[10.0.22631.0,10.0.22631.6936)`	affected	generic	['arm64-based_systems']

Microsoft

Windows 11 23h2

86%

Version	Status	Scheme	Platform
`[10.0.22631.0,10.0.22631.6936)`	affected	generic	['x64-based_systems']

Microsoft

Windows 11 24h2

86%

Version	Status	Scheme	Platform
`[10.0.26100.0,10.0.26100.32690)`	affected	generic	['arm64-based_systems', 'x64-based_systems']

Microsoft

Windows 11 25h2

86%

Version	Status	Scheme	Platform
`[10.0.26200.0,10.0.26200.8246)`	affected	generic	['arm64-based_systems', 'x64-based_systems']

Microsoft

Windows 11 26h1

86%

Version	Status	Scheme	Platform
`[10.0.28000.0,10.0.28000.1836)`	affected	generic	['arm64-based_systems', 'x64-based_systems']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the Microsoft security update that addresses CVE-2026-32153
Verify that the update is applied to Windows 10 1809, 21H2, 22H2, and Windows 11 23H2, 24H2, 25H2, 22H3, 26H1
If unable to apply the update, consider disabling the Windows Speech service to prevent exploitation

Generated by OpenCVE AI on April 14, 2026 at 19:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32153

History

Wed, 15 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 22h3 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1
Vendors & Products		Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 22h3 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1

Wed, 15 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 14 Apr 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
Title		Windows Speech Runtime Elevation of Privilege Vulnerability
First Time appeared		Microsoft Microsoft windows 10 1809 Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1
Weaknesses		CWE-362 CWE-416
CPEs		cpe:2.3:o:microsoft:windows_10_1809:::::::x86:* cpe:2.3:o:microsoft:windows_10_21H2:::::::x86:* cpe:2.3:o:microsoft:windows_10_22H2:::::::x64:* cpe:2.3:o:microsoft:windows_11_23H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_23H2:::::::x64:* cpe:2.3:o:microsoft:windows_11_24H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_25H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_26H1:::::::arm64:*
Vendors & Products		Microsoft Microsoft windows 10 1809 Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32153
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}`

Subscriptions

Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 21h2 Windows 10 22h2 Windows 10 22h2 Windows 11 22h3 Windows 11 23h2 Windows 11 23h2 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows 11 26h1 Windows 11 26h1

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-04-14T16:58:27.985Z

Updated: 2026-04-17T15:52:24.902Z

Reserved: 2026-03-10T23:09:43.264Z

Link: CVE-2026-32153

Vulnrichment

Updated: 2026-04-15T09:08:00.781Z

NVD

Status : Awaiting Analysis

Published: 2026-04-14T18:17:15.930

Modified: 2026-04-17T15:10:35.607

Link: CVE-2026-32153

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:15:06Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object