{"uuid": "c31c1c7a-6598-4f24-993a-193a82eeeb99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24294", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/343", "content": "BYPASSING WINDOWS AUTHENTICATION REFLECTION MITIGATIONS FOR SYSTEM SHELLS - PART \u2461\n\nA new arbitrary Kerberos coercion technique (CVE-2026-26128) that led to a complete bypass of the patch of CVE-2025-33073. This short-lived RCE was then transformed into a universal LPE attack.\n\nBYPASSING WINDOWS AUTHENTICATION REFLECTION MITIGATIONS FOR SYSTEM SHELLS - PART 1\n\nAbuse of a new feature of recent Windows versions, namely the ability to connect to SMB shares on arbitrary TCP ports, to achieve local privilege escalation\u00a0(CVE-2026-24294) on up-to-date Windows Server 2025 machines.", "creation_timestamp": "2026-05-02T06:09:03.000000Z"}