Vulnerability intelligence
CVE-2022-26923
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS Score
8.8
High
EPSS — Exploit Probability
92%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2022-09-08
CISA required action
Apply updates per vendor instructions. Deadline for federal agencies: 2022-09-08.
1 article across 1 outlet · first covered May 11, 2026 · latest May 11, 2026
Coverage timeline
-
AD CS Abuse via CVE-2022-26923 Drives Privilege Escalation Waveunit42.paloaltonetworks.com · May 11, 2026