securityonline.info 7/6/2026, 2:32:41 AM · external

Windows Kerberos Flaw Enables SYSTEM Access Through Unicode Trick

Windows Kerberos Flaw Enables SYSTEM Access Through Unicode Trick
CyberSIXT Evidence Panel
Primary Source synacktiv.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

CVE- 2026-26128 is a high-severity Windows vulnerability (CVSS: 7.8) affecting several versions of Microsoft Windows 10, allowing domain users to escalate privileges to SYSTEM through Kerberos reflection attacks. Despite no confirmed exploitation so far, a proof-of-concept exploit is publicly available. The flaw exploits discrepancies in how Windows components process Unicode characters, enabling malicious actors to relay their own authentication back to the target machine.

Microsoft patched this issue in March 2026, and users are advised to update their systems to mitigate risks. SMB signing is a critical preventive measure for all Windows versions.

View Primary Source Via securityonline.info

Article by CyberSIXT