CVE-2026-32202

Published Apr 14, 2026

Last updated 20 hours ago

Exploit known CVSS medium 4.3

Zero-day

Overview

Description: Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows Protection Mechanism Failure Vulnerability
Exploit added on: Apr 28, 2026
Exploit action due: May 12, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com: CWE-693

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 11

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "158C16A3-547E-4130-8428-8E429C37E573",
            "versionEndExcluding": "10.0.14393.9060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "58E1A340-D49A-4EBB-A750-876922ACD5CA",
            "versionEndExcluding": "10.0.14393.9060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "64248504-2307-45FC-8FF3-7A227CFD8675",
            "versionEndExcluding": "10.0.17763.8644",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "9B1465B1-BDE6-4634-8F12-43F71D68A4D6",
            "versionEndExcluding": "10.0.17763.8644",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "88A175C4-E033-4FE7-B2BF-8BAE14321BC4",
            "versionEndExcluding": "10.0.19044.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "86DBF14A-F486-4FE7-9126-D1D54952FC6C",
            "versionEndExcluding": "10.0.19044.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "C375372B-D3D4-4B11-AAD8-69AC344C24BC",
            "versionEndExcluding": "10.0.19044.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "8CE2E268-E776-4697-9E43-33ABA4CDBE05",
            "versionEndExcluding": "10.0.19045.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "269B8E88-6473-41DD-BA33-D9184B82CA58",
            "versionEndExcluding": "10.0.19045.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "FCBB431B-EF21-4454-BDA3-D8F276BE7A64",
            "versionEndExcluding": "10.0.19045.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "B33CE091-B873-4C30-BA05-54A8C1839212",
            "versionEndExcluding": "10.0.22631.6936",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E3AF28F3-D486-4B88-9E0E-371241024174",
            "versionEndExcluding": "10.0.22631.6936",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "94EB36C7-1FF2-4B44-AD91-F3540F09393E",
            "versionEndExcluding": "10.0.26100.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "14B23C3F-C8AC-491A-BCA5-EB6982C8F9E9",
            "versionEndExcluding": "10.0.26100.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "361B5DAB-8D1F-45D7-A33C-F49EBA56B5F8",
            "versionEndExcluding": "10.0.26200.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "ADC6CE99-AB5D-4DD5-82A9-892366C4B2FD",
            "versionEndExcluding": "10.0.26200.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635",
            "versionEndExcluding": "10.0.28000.1836",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA",
            "versionEndExcluding": "10.0.28000.1836",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "982DB0CA-5196-4E42-B2F7-994BE8179715",
            "versionEndExcluding": "10.0.14393.9060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "647CF9B5-8898-469B-9C09-D372A7843187",
            "versionEndExcluding": "10.0.17763.8644",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DC6837B7-5DFD-4AF7-B436-3C6FEF48BA60",
            "versionEndExcluding": "10.0.20348.5020",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "55A1F3AB-5299-4495-9A73-FDA23C6FD88D",
            "versionEndExcluding": "10.0.25398.2274",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ADF41A14-B9DA-4788-82A8-74DCDCD090E1",
            "versionEndExcluding": "10.0.26100.32690",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.