CVE-2026-21510
Published Feb 10, 2026
Last updated 4 months ago
- Description
- Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Exploit added on
- Feb 10, 2026
- Exploit action due
- Mar 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-693
- Hype score
- Not currently trending
"More CVEs, Same Playbook: 2026 Vulnerability Exploitation in the Wild" published by @proofpoint. #CVE-2026-21510, #LNK, #Phishing, #TA406, #DPRK, #CTI
@lazarusholic
27 May 2026
227 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Incomplete Patch Cycle: APT28''s CVE-2026-32202 Shows Why Microsoft''s Patch Tuesday Was Only Act One. December 2025: APT28 Fancy Bear, Forest Blizzard, GruesomeLarch discovered and began weaponizing a zero-click vulnerability in Windows Shell CVE-2026-21510.
@lyrie_ai
27 May 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Unpopular opinion: The cybersecurity industry is selling you dashboards. TL;DR Microsoft's February 2026 patch for APT28's exploit chain (CVE-2026-21510/CVE-2026-21513) blocked the initial RCE but left an authentication coercion flaw behind.
@lyrie_ai
24 May 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21510 2 - CVE-2026-46300 3 - CVE-2026-41096 4 - CVE-2026-0300 5 - CVE-2026-34263 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
14 May 2026
128 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Zero-Day crítico en Windows! 🚨 El CVE-2026-21510 (CVSS 8.8) permite saltar SmartScreen mediante links maliciosos. ¡Ya está bajo ataque activo! 📉 ✅ Afecta: Win 10 a Server 2025 🛠️ Solución: Parche de Febrero 2026 No esperes, ¡actualiza ya! 💻🛡️ #
@Priority_IT
27 Mar 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]