Cyber Posture

CVE-2026-21510

HighCISA KEVActive Exploitation

Published: 10 February 2026

Published
10 February 2026
Modified
11 February 2026
KEV Added
10 February 2026
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0404 88.6th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly addresses the protection mechanism failure by requiring identification, reporting, and timely patching of flaws like CVE-2026-21510 as detailed in Microsoft's update guide.

SI-3 Malicious Code Protection good match
preventdetect

Mitigates exploitation of the Windows Shell bypass by deploying malicious code protection mechanisms to prevent and detect execution of attacker payloads delivered via malicious links or files.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Enables detection of systems vulnerable to CVE-2026-21510 through periodic vulnerability scanning, facilitating prioritization for remediation given its presence in CISA's KEV catalog.

Security SummaryAI

CVE-2026-21510 is a protection mechanism failure (CWE-693) in the Windows Shell, enabling an unauthorized attacker to bypass a security feature over a network. This vulnerability affects the Windows Shell component within Microsoft Windows operating systems. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of privilege requirements, and potential for significant impacts on confidentiality, integrity, and availability.

The attack scenario involves a remote, unauthenticated attacker who can exploit the flaw over the network, though it requires user interaction such as clicking a malicious link or opening a file. Upon successful exploitation, the attacker can bypass Windows Shell security protections, potentially leading to arbitrary code execution, data theft, system modification, or denial of service with high impact.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 details available patches and mitigation steps for affected systems. The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510, signaling real-world exploitation and urging federal agencies to apply mitigations promptly.

Details

CWE(s)
CWE-693
KEV Date Added
10 February 2026

Affected Products

microsoft
windows 10 1607
≤ 10.0.14393.8868 · ≤ 10.0.14393.8868
microsoft
windows 10 1809
≤ 10.0.17763.8389 · ≤ 10.0.17763.8389
microsoft
windows 10 21h2
≤ 10.0.19044.6937 · ≤ 10.0.19044.6937 · ≤ 10.0.19044.6937
microsoft
windows 10 22h2
≤ 10.0.19045.6937 · ≤ 10.0.19045.6937 · ≤ 10.0.19045.6937
microsoft
windows 11 23h2
≤ 10.0.22631.6649 · ≤ 10.0.22631.6649
microsoft
windows 11 24h2
≤ 10.0.26100.7781 · ≤ 10.0.26100.7781
microsoft
windows 11 25h2
≤ 10.0.26200.7781 · ≤ 10.0.26200.7781
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.8868
microsoft
windows server 2019
≤ 10.0.17763.8389
+3 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
Why these techniques?

CVE-2026-21510 is a Windows Shell protection bypass exploited remotely with user interaction (malicious link/file), enabling arbitrary code execution, directly facilitating T1203 Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References