Search criteria
2940 vulnerabilities found for windows_server_2025 by microsoft
FKIE_CVE-2026-21533
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 15:23
Severity ?
Summary
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
References
Impacted products
{
"cisaActionDue": "2026-03-03",
"cisaExploitAdd": "2026-02-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Improper Privilege Management Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x96:*",
"matchCriteriaId": "458D2B4A-5769-48F3-BA97-F174FE89F928",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Gesti\u00f3n inadecuada de privilegios en Escritorio remoto de Windows permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21533",
"lastModified": "2026-02-11T15:23:41.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:35.790",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21525
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 15:43
Severity ?
Summary
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
References
Impacted products
{
"cisaActionDue": "2026-03-03",
"cisaExploitAdd": "2026-02-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows NULL Pointer Dereference Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally."
},
{
"lang": "es",
"value": "Desreferencia de puntero nulo en el Administrador de Conexiones de Acceso Remoto de Windows permite a un atacante no autorizado denegar el servicio localmente."
}
],
"id": "CVE-2026-21525",
"lastModified": "2026-02-11T15:43:43.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:34.930",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21519
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 16:13
Severity ?
Summary
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
References
Impacted products
{
"cisaActionDue": "2026-03-03",
"cisaExploitAdd": "2026-02-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Type Confusion Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Desktop Window Manager allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Acceso de recurso usando tipo incompatible (\u0027confusi\u00f3n de tipos\u0027) en el Administrador de ventanas de escritorio permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21519",
"lastModified": "2026-02-11T16:13:16.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:34.417",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21513
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 15:38
Severity ?
Summary
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
References
Impacted products
{
"cisaActionDue": "2026-03-03",
"cisaExploitAdd": "2026-02-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "C9801763-02E0-471B-A571-6E9733A5358D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "5D132B4B-F718-420D-B31D-39390ADB6ABB",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "E1DDF720-A228-412B-BF01-ECD759C35A24",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "40F60E69-9FF7-4613-84D3-1982F357A82E",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "62BDF24B-B74A-4F48-A6A5-CA375ECE9B5C",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network."
}
],
"id": "CVE-2026-21513",
"lastModified": "2026-02-11T15:38:13.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:33.643",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21508
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-12 17:19
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2026-21508",
"lastModified": "2026-02-12T17:19:52.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-02-10T18:16:33.003",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21510
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 16:13
Severity ?
Summary
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
References
Impacted products
{
"cisaActionDue": "2026-03-03",
"cisaExploitAdd": "2026-02-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Shell Protection Mechanism Failure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network."
}
],
"id": "CVE-2026-21510",
"lastModified": "2026-02-11T16:13:25.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:33.170",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21255
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:04
Severity ?
Summary
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally."
},
{
"lang": "es",
"value": "Control de acceso inadecuado en Windows Hyper-V permite a un atacante autorizado eludir una caracter\u00edstica de seguridad localmente."
}
],
"id": "CVE-2026-21255",
"lastModified": "2026-02-11T20:04:16.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:27.167",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21253
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 19:26
Severity ?
Summary
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "C9801763-02E0-471B-A571-6E9733A5358D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "5D132B4B-F718-420D-B31D-39390ADB6ABB",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "E1DDF720-A228-412B-BF01-ECD759C35A24",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "40F60E69-9FF7-4613-84D3-1982F357A82E",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "62BDF24B-B74A-4F48-A6A5-CA375ECE9B5C",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Uso despu\u00e9s de liberar en el sistema de archivos Mailslot permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21253",
"lastModified": "2026-02-11T19:26:52.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:27.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21249
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 19:53
Severity ?
Summary
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally."
},
{
"lang": "es",
"value": "El control externo del nombre o la ruta del archivo en Windows NTLM permite a un atacante no autorizado realizar suplantaci\u00f3n de identidad localmente."
}
],
"id": "CVE-2026-21249",
"lastModified": "2026-02-11T19:53:01.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:26.500",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21247
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:45
Severity ?
Summary
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21247 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally."
},
{
"lang": "es",
"value": "Validaci\u00f3n de entrada incorrecta en Windows Hyper-V permite a un atacante autorizado ejecutar c\u00f3digo localmente."
}
],
"id": "CVE-2026-21247",
"lastModified": "2026-02-11T20:45:56.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:26.180",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21247"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21251
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 19:42
Severity ?
Summary
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Uso despu\u00e9s de liberar en la conmutaci\u00f3n por error del cliente de cl\u00faster de Windows permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21251",
"lastModified": "2026-02-11T19:42:34.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:26.840",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21250
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 19:49
Severity ?
Summary
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21250 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Desreferencia de puntero no confiable en Windows HTTP.sys permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21250",
"lastModified": "2026-02-11T19:49:34.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:26.670",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21250"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21246
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:36
Severity ?
Summary
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21246 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el Componente de Gr\u00e1ficos de Microsoft permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21246",
"lastModified": "2026-02-11T20:36:58.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:26.010",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21246"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21248
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:15
Severity ?
Summary
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21248 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Windows Hyper-V permite a un atacante autorizado ejecutar c\u00f3digo localmente."
}
],
"id": "CVE-2026-21248",
"lastModified": "2026-02-11T20:15:17.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:26.340",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21248"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21242
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:56
Severity ?
Summary
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21242 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Uso despu\u00e9s de liberar en el Subsistema de Windows para Linux permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21242",
"lastModified": "2026-02-11T20:56:41.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:25.323",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21242"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21241
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:57
Severity ?
Summary
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21241 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Uso despu\u00e9s de liberar en el controlador de funci\u00f3n auxiliar de Windows para WinSock permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21241",
"lastModified": "2026-02-11T20:57:27.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:25.150",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21241"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21244
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:43
Severity ?
Summary
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21244 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Windows Hyper-V permite a un atacante autorizado ejecutar c\u00f3digo localmente."
}
],
"id": "CVE-2026-21244",
"lastModified": "2026-02-11T20:43:08.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:25.650",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21244"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21243
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:41
Severity ?
Summary
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "Desreferencia de puntero nulo en LDAP de Windows - Protocolo ligero de acceso a directorios permite a un atacante no autorizado denegar el servicio a trav\u00e9s de una red."
}
],
"id": "CVE-2026-21243",
"lastModified": "2026-02-11T20:41:23.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:25.480",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21245
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:44
Severity ?
Summary
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21245 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el kernel de Windows permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21245",
"lastModified": "2026-02-11T20:44:29.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:25.843",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21245"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21237
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:05
Severity ?
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21237 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n concurrente utilizando un recurso compartido con sincronizaci\u00f3n inadecuada (\u0027condici\u00f3n de carrera\u0027) en el Subsistema de Windows para Linux permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21237",
"lastModified": "2026-02-11T21:05:42.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:24.427",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21237"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21239
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:00
Severity ?
Summary
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21239 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el kernel de Windows permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21239",
"lastModified": "2026-02-11T21:00:30.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:24.780",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21239"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21240
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21240 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Una condici\u00f3n de carrera de tiempo de verificaci\u00f3n tiempo de uso (TOCTOU) en Windows HTTP.sys permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21240",
"lastModified": "2026-02-11T20:59:15.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-02-10T18:16:24.963",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21240"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21238
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:01
Severity ?
Summary
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Control de acceso inadecuado en el controlador de funci\u00f3n auxiliar de Windows para WinSock permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21238",
"lastModified": "2026-02-11T21:01:48.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:24.613",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21236
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:07
Severity ?
Summary
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el controlador de funci\u00f3n auxiliar de Windows para WinSock permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21236",
"lastModified": "2026-02-11T21:07:23.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:24.250",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21232
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:12
Severity ?
Summary
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21232 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Desreferencia de puntero no confiable en Windows HTTP.sys permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21232",
"lastModified": "2026-02-11T21:12:11.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:23.770",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21232"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21231
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:13
Severity ?
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Kernel allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n concurrente utilizando un recurso compartido con sincronizaci\u00f3n inadecuada (\u0027condici\u00f3n de carrera\u0027) en el kernel de Windows permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21231",
"lastModified": "2026-02-11T21:13:54.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:23.600",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21234
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:10
Severity ?
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n concurrente utilizando un recurso compartido con sincronizaci\u00f3n inadecuada (\u0027condici\u00f3n de carrera\u0027) en el Servicio de Plataforma de Dispositivos Conectados de Windows permite a un atacante autorizado elevar privilegios localmente."
}
],
"id": "CVE-2026-21234",
"lastModified": "2026-02-11T21:10:43.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:23.930",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21222
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 21:18
Severity ?
Summary
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "Inserci\u00f3n de informaci\u00f3n sensible en un archivo de registro en el kernel de Windows permite a un atacante autorizado divulgar informaci\u00f3n localmente."
}
],
"id": "CVE-2026-21222",
"lastModified": "2026-02-11T21:18:38.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:23.130",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-20846
Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 20:30
Severity ?
Summary
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "Sobrelectura de b\u00fafer en Windows GDI+ permite a un atacante no autorizado denegar servicio a trav\u00e9s de una red."
}
],
"id": "CVE-2026-20846",
"lastModified": "2026-02-11T20:30:43.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T18:16:22.797",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
CVE-2026-21222 (GCVE-0-2026-21222)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-02-27 20:55
VLAI?
Title
Windows Kernel Information Disclosure Vulnerability
Summary
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8868
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:26:21.573993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:26:31.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8868",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8389",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6937",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6937",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6649",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6649",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7840",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23022",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23022",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8868",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8868",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8389",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8389",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4773",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2149",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32370",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32370",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8389",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8389",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8389",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4773",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6937",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6937",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32370",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6649",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6649",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2149",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.7840",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32370",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8868",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8868",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8868",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23022",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23022",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:55:24.756Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Kernel Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222"
}
],
"title": "Windows Kernel Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21222",
"datePublished": "2026-02-10T17:51:49.321Z",
"dateReserved": "2025-12-11T21:02:05.731Z",
"dateUpdated": "2026-02-27T20:55:24.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}