KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

8.8

CVSS
High

CVE-2022-26923

PUBLISHED

Active Directory Domain Services Elevation of Privilege Vulnerability

Exploited in the wild Remote Low complexity No user interaction

Vendor: Microsoft
Product: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Published: May 10, 2022
EPSS: —

Description

Active Directory Domain Services Elevation of Privilege Vulnerability

windows cisa microsoft nessus_scanner

CVSS scores

CVSS v3.1 8.8 High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Exploitation status

Exploited in the wild

Recorded 2022-08-18 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Aug 18, 2022

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/160938	Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

Gh-Badr/CVE-2022-26923

github · Created 2023-11-28 16:13:36 UTC · 1 stars

A proof of concept exploiting CVE-2022-26923.

lsecqt/CVE-2022-26923-Powershell-POC

github · Created 2022-08-17 21:13:49 UTC · 17 stars

A powershell poc to load and automatically run Certify and Rubeus from memory.

LudovicPatho/CVE-2022-26923_AD-Certificate-Services

github · Created 2022-05-14 09:27:06 UTC · 44 stars

The vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.

r1skkam/TryHackMe-CVE-2022-26923

github · Created 2022-05-12 02:31:50 UTC · 6 stars

Walkthrough on the exploitation of CVE-2022-26923, a vulnerability in AD Certificate Services

Timeline

CVE ID Reserved

March 11, 2022
CVE Published to Public

May 10, 2022
Added to KEVIntel

August 18, 2022
Detected by Nessus

June 02, 2025