Description
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
Published: 2026-06-09
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference within the Kerberos protocol implementation can be triggered by an authenticated user to cause a denial of service. Attackers need valid credentials to initiate the exploit. The fault leads the Kerberos service to crash or become unresponsive, disrupting authentication for the host.

Affected Systems

Affected are Microsoft Windows 10 builds 1607, 1809, 21H2, 22H2, Windows 11 builds 23H2, 24H2, 25H2, 26H1, as well as Windows Server 2012 through 2025, including core installations. All listed variants are impacted. No specific sub‑version or build numbers beyond those enumerated are indicated in the data.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. With no EPSS score available and the issue absent from the CISA KEV catalog, the likelihood of active exploitation appears limited at present. Because the exploit requires an authorized account, the attack vector is local or remote but privileged, meaning that compromised or legitimate user credentials can trigger the denial of service.

Generated by OpenCVE AI on June 9, 2026 at 19:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security updates from Microsoft that address the Kerberos denial-of-service flaw as they become available.
  • Configure firewall or network segmentation to restrict inbound Kerberos traffic to only trusted hosts, thereby limiting the exposure to authenticated threat actors.
  • Monitor Kerberos service logs and system event logs for crashes or abnormal restarts, and enable alerts to investigate potential exploitation attempts promptly.

Generated by OpenCVE AI on June 9, 2026 at 19:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2012 (server Core Installation)
Microsoft windows Server 2012 R2
Microsoft windows Server 2012 R2 (server Core Installation)
Microsoft windows Server 2016 (server Core Installation)
Microsoft windows Server 2019 (server Core Installation)
Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2012 (server Core Installation)
Microsoft windows Server 2012 R2
Microsoft windows Server 2012 R2 (server Core Installation)
Microsoft windows Server 2016 (server Core Installation)
Microsoft windows Server 2019 (server Core Installation)
Microsoft windows Server 2025 (server Core Installation)

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
Title Windows Kerberos Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft windows 10 1607
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2012
Microsoft windows Server 2012 R2
Microsoft windows Server 2016
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2025
Weaknesses CWE-476
CPEs cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 10 1607
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2012
Microsoft windows Server 2012 R2
Microsoft windows Server 2016
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 21h2 Windows 10 22h2 Windows 10 22h2 Windows 11 23h2 Windows 11 23h2 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows 11 26h1 Windows 11 26h1 Windows Server 2012 Windows Server 2012 (server Core Installation) Windows Server 2012 R2 Windows Server 2012 R2 Windows Server 2012 R2 (server Core Installation) Windows Server 2016 Windows Server 2016 (server Core Installation) Windows Server 2019 Windows Server 2019 (server Core Installation) Windows Server 2022 Windows Server 2025 Windows Server 2025 (server Core Installation)
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:51:11.417Z

Reserved: 2026-04-30T22:35:54.968Z

Link: CVE-2026-42903

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:09.800

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-42903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:00:17Z

Weaknesses