CVE-2026-33824 affects the Windows Internet Key Exchange (IKE) Service Extensions and is rated CVSS 9.8. Attackers with network reach to systems running IKE version 2 can trigger remote code execution without authentication by sending crafted packets, making this one of the highest-severity entries in April's Patch Tuesday. VPN concentrators and IPsec gateways are the obvious exposure. Mitigation priority: patch any Windows host exposing IKE v2 externally. Where patching is not immediately possible, restrict IKE traffic to known peers at the network perimeter or disable IKE v2 temporarily. Tenable, Rapid7, and CrowdStrike all flag this as a top-five entry this month.