Origin validation error in Windows and Windows Server - CVE-2026-56181
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to perform spoofing.
The vulnerability exists due to an origin validation error in Windows Network Address Translation (NAT) when handling network traffic on an adjacent network. A remote attacker can position themselves on a logically adjacent network path to perform spoofing.
Exploitation requires machine-in-the-middle conditions on a logically adjacent topology.