cve 2026 33840

CVE-2026-33840 is a Microsoft-disclosed Win32k elevation-of-privilege vulnerability rated Important in Windows 11 and Windows Server 2025. It is a use-after-free bug that allows a locally authenticated attacker to gain SYSTEM privileges. The vulnerability has low attack complexity, requires no user interaction, and is assessed as exploitation more likely. While not a headline-grabbing remote flaw, it is the kind of local privilege escalation that can serve as a critical link in an intrusion chain. Windows administrators should prioritize patching this flaw to close a potential path to full system compromise.