CVE-2026-33829

Researchers said an unpatched Windows search: URI flaw could leak NTLMv2 hashes through a crafted link. Microsoft did not fix the issue after disclosure in April 2026, and the report advised SMB and NTLM mitigations.