CVE-2026-26128 — Kerberos Reflection Bypass: Detection & Mitigation
1. Overview CVE-2026-26128 is a Kerberos authentication reflection bypass discovered by Synacktiv that completely bypasses the patch introduced for CVE-2025-33073. It allows an attacker to obtain SYSTEM-level access on most Windows builds. CVE CVE-2026-26128 Discovered by Synacktiv Patched March 2026 Patch Tuesday Related CVE-2025-33073, CVE-2025-58726, CVE-2026-24294 Impact Local Privilege Escalation → SYSTEM Affected All Windows versions except Windows 11 24H2 (default config) 2. Background The broader context of this vulnerability sits within a chain of authentication reflection research: ...