CVE-2026-32202
Published Apr 14, 2026
Last updated 21 days ago
AI description
CVE-2026-32202 is a protection mechanism failure vulnerability found in Windows Shell that allows an unauthorized attacker to perform spoofing over a network. This flaw enables attackers to bypass security controls designed to prevent spoofing attacks, potentially leading to information disclosure through deception of users or security controls. The vulnerability can be exploited by enticing a user to interact with malicious content over a network connection, often involving specially crafted Windows shortcut (LNK) files that leverage Universal Naming Convention (UNC) paths. This can lead to authentication coercion and credential theft, as the system may automatically authenticate to an attacker's server without direct user interaction. This vulnerability has been linked to an incomplete patch for a previous Windows Shell security bypass (CVE-2026-21510).
- Description
- Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Microsoft Windows Protection Mechanism Failure Vulnerability
- Exploit added on
- Apr 28, 2026
- Exploit action due
- May 12, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-693
- Hype score
- Not currently trending
06:11 UTC: CVE-2026-32202 disclosed. The Patch That Didn't: CVE-2026-32202, APT28's LNK Trick, and the Zero-Click Credential Theft Nobody Flagged for Two Wee
@lyrie_ai
15 Jun 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The Patch That Wasn't: CVE-2026-32202, APT28's Zero-Click NTLM Credential Theft, and the Hidden Cost of Incomplete Fixes. CVE-2026-32202 is a zero-click Windows Shell spoofing vulnerability that survives as the residual tail of an incomplete patch Microsoft shipped on…
@lyrie_ai
30 May 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
Proofpoint reports 12 CVE-2026 flaws under active exploitation, with opportunistic actors reusing familiar tactics. AI-assisted discovery is increasing new flaws, but abuse is already seen in CVE-2026-21509 and CVE-2026-32202. #CVE2026 #APT28 https://t.co/m3C5Svhv2N
@TweetThreatNews
27 May 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Incomplete Patch Cycle: APT28''s CVE-2026-32202 Shows Why Microsoft''s Patch Tuesday Was Only Act One. December 2025: APT28 Fancy Bear, Forest Blizzard, GruesomeLarch discovered and began weaponizing a zero-click vulnerability in Windows Shell CVE-2026-21510.
@lyrie_ai
27 May 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
27, Microsoft — The Patch That Wasn't: CVE-2026-32202's Zero-Click NTLM Theft and APT28's Incomplete Fix Trap. The Incomplete Patch Trap: CVE-2026-32202's NTLM Theft Shows Why CVSS Scores Lie
@lyrie_ai
25 May 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
مايكروسوفت تؤكد الاستغلال النشط لثـ ـغرة Windows Shell CVE-2026-32202 التفاصيل .. https://t.co/AFPGCcv7WZ #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/FjvvpajBLr
@ccforrs
16 May 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 THREAT INTEL | May 12, 2026 🔴 CVEs DUE TODAY: CVE-2024-1708 (ConnectWise RCE), CVE-2026-32202 (Windows) 🔥 OVERDUE: PAN-OS RCE, Cisco FMC Ransomware RCE 🐛 LIVE: Mirai/Mozi botnets + Manji malware 🔐 NEW C&C: Vidar, AsyncRAT, PureHVNC #ThreatIntel #CyberSecurity
@404LABSx
12 May 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Die zum 14. April 2024 geschlossene Windows Shell-Schwachstelle CVE-2026-32202 wird aktiv angegriffen https://t.co/YaTBPtvybK
@etguenni
1 May 2026
239 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Apr 28) CVE-2024-1708 ConnectWise ScreenConnect パストラバーサル脆弱性 CVE-2026-32202 Microsoft Windows保護メカニズムの不
@foxbook
30 Apr 2026
198 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性2件をカタログに追加 https://t.co/T31X6yamhs CVE-2024-1708 ConnectWise ScreenConnect パストラバーサル脆弱性 CVE-2026-32202 Microsoft Windows保護メカニズムの不具合の脆弱性
@cybersecnews_jp
29 Apr 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ConnectWise ScreenConnect path traversal vulnerability CVE-2024-1708 & Microsoft Windows protection mechanism failure vulnerability CVE-2026-32202 added to KEV
@password_ng
29 Apr 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、ConnectWise ScreenConnectのCVE-2024-1708とWindows ShellのCVE-2026-32202が追加。対処期限は通常の5/12。ランサムウェアによる悪用
@__kokumoto
29 Apr 2026
966 Impressions
0 Retweets
4 Likes
1 Bookmark
1 Reply
0 Quotes
🛡️ We added ConnectWise ScreenConnect path traversal vulnerability CVE-2024-1708 & Microsoft Windows protection mechanism failure vulnerability CVE-2026-32202 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecuri
@CISACyber
28 Apr 2026
5488 Impressions
15 Retweets
40 Likes
9 Bookmarks
5 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "158C16A3-547E-4130-8428-8E429C37E573",
"versionEndExcluding": "10.0.14393.9060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "58E1A340-D49A-4EBB-A750-876922ACD5CA",
"versionEndExcluding": "10.0.14393.9060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "64248504-2307-45FC-8FF3-7A227CFD8675",
"versionEndExcluding": "10.0.17763.8644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9B1465B1-BDE6-4634-8F12-43F71D68A4D6",
"versionEndExcluding": "10.0.17763.8644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "88A175C4-E033-4FE7-B2BF-8BAE14321BC4",
"versionEndExcluding": "10.0.19044.7184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "86DBF14A-F486-4FE7-9126-D1D54952FC6C",
"versionEndExcluding": "10.0.19044.7184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C375372B-D3D4-4B11-AAD8-69AC344C24BC",
"versionEndExcluding": "10.0.19044.7184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8CE2E268-E776-4697-9E43-33ABA4CDBE05",
"versionEndExcluding": "10.0.19045.7184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "269B8E88-6473-41DD-BA33-D9184B82CA58",
"versionEndExcluding": "10.0.19045.7184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FCBB431B-EF21-4454-BDA3-D8F276BE7A64",
"versionEndExcluding": "10.0.19045.7184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B33CE091-B873-4C30-BA05-54A8C1839212",
"versionEndExcluding": "10.0.22631.6936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E3AF28F3-D486-4B88-9E0E-371241024174",
"versionEndExcluding": "10.0.22631.6936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "94EB36C7-1FF2-4B44-AD91-F3540F09393E",
"versionEndExcluding": "10.0.26100.8246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "14B23C3F-C8AC-491A-BCA5-EB6982C8F9E9",
"versionEndExcluding": "10.0.26100.8246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "361B5DAB-8D1F-45D7-A33C-F49EBA56B5F8",
"versionEndExcluding": "10.0.26200.8246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ADC6CE99-AB5D-4DD5-82A9-892366C4B2FD",
"versionEndExcluding": "10.0.26200.8246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635",
"versionEndExcluding": "10.0.28000.1836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA",
"versionEndExcluding": "10.0.28000.1836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "982DB0CA-5196-4E42-B2F7-994BE8179715",
"versionEndExcluding": "10.0.14393.9060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647CF9B5-8898-469B-9C09-D372A7843187",
"versionEndExcluding": "10.0.17763.8644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6837B7-5DFD-4AF7-B436-3C6FEF48BA60",
"versionEndExcluding": "10.0.20348.5020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55A1F3AB-5299-4495-9A73-FDA23C6FD88D",
"versionEndExcluding": "10.0.25398.2274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF41A14-B9DA-4788-82A8-74DCDCD090E1",
"versionEndExcluding": "10.0.26100.32690",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]