CVE-2026-33828 – Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability

CVE-2026-33828 is a Critical elevation of privilege vulnerability in Windows Device Health Attestation caused by a trust boundary violation. An authorized local attacker with low privileges could exploit the flaw to gain SYSTEM privileges. Successful exploitation could allow deep control over the affected system.

CVSS Score: 7.8
SEVERITY: Critical
THREAT:
This vulnerability allows a local attacker to cross a Windows attestation trust boundary and elevate privileges. The attacker needs low privileges, but no user interaction is required. The main risk is escalation to SYSTEM-level access.

EXPLOITS:
Publicly Disclosed: No.
Exploited: No.
Exploitability Assessment: Exploitation Unlikely.
No public exploit, zero-day exploitation, or proof-of-concept code is confirmed in the provided data.

TECHNICAL SUMMARY:
CVE-2026-33828 is caused by a trust boundary violation, identified as CWE-501, in Windows Attestation. The flaw may allow a low-privileged local attacker to bypass expected security boundaries and elevate privileges. The CVSS v3.1 metrics show local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected software includes Windows 10 versions 1607, 1809, 21H2, and 22H2; Windows 11 versions 23H2, 24H2, 25H2, and 26H1; Windows Server 2016, 2019, 2022, and 2025, including listed Server Core installations.
Exploitation requires local access and low privileges. Successful exploitation could grant SYSTEM privileges.

BUSINESS IMPACT:
This vulnerability is dangerous because SYSTEM privileges can allow attackers to disable security tools, steal sensitive data, install malware, maintain persistence, and move deeper into the environment. It is especially risky when combined with phishing, malware, or another initial access method.

WORKAROUND:
No mitigations or workarounds are listed.
Where patching is delayed, limit local administrative exposure, monitor suspicious privilege escalation behavior, and reduce unnecessary low-privileged access on shared systems.

URGENCY:
This patch should be prioritized because the vulnerability is rated Critical and can grant SYSTEM privileges. Although exploitation is assessed as unlikely, privilege escalation flaws are valuable after initial compromise.