Cyber Posture

CVE-2026-21519

HighCISA KEVActive Exploitation

Published: 10 February 2026

Published
10 February 2026
Modified
11 February 2026
KEV Added
10 February 2026
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0452 89.2th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Description

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the type confusion vulnerability in Desktop Window Manager by requiring timely application of Microsoft patches as emphasized in the CVE analysis and CISA KEV catalog.

SI-16 Memory Protection partial match
prevent

Implements memory protections like ASLR, DEP, and CFG that mitigate exploitation of type confusion leading to local privilege escalation.

AC-6 Least Privilege partial match
prevent

Enforces least privilege for low-privilege local accounts, limiting the potential impact and scope of successful privilege escalation via the DWM vulnerability.

Security SummaryAI

CVE-2026-21519 is a type confusion vulnerability (CWE-843), classified as an access of resource using incompatible type, affecting the Desktop Window Manager (DWM) component in Microsoft Windows. Published on February 10, 2026, it carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability when exploited.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation enables privilege escalation, potentially granting the attacker high-level access to the system, compromising sensitive data, modifying critical files, or disrupting system operations.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 provides details on patches and mitigation steps. The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519, confirming active exploitation in the wild and urging federal agencies to apply mitigations promptly.

Security practitioners should prioritize patching affected Windows systems, as real-world exploitation has been observed, emphasizing the need for immediate updates to DWM to prevent local privilege escalation attacks.

Details

CWE(s)
CWE-843
KEV Date Added
10 February 2026

Affected Products

microsoft
windows 10 1607
≤ 10.0.14393.8868 · ≤ 10.0.14393.8868
microsoft
windows 10 1809
≤ 10.0.17763.8389 · ≤ 10.0.17763.8389
microsoft
windows 10 21h2
≤ 10.0.19044.6937 · ≤ 10.0.19044.6937 · ≤ 10.0.19044.6937
microsoft
windows 10 22h2
≤ 10.0.19045.6937 · ≤ 10.0.19045.6937 · ≤ 10.0.19045.6937
microsoft
windows 11 23h2
≤ 10.0.22631.6649 · ≤ 10.0.22631.6649
microsoft
windows 11 24h2
≤ 10.0.26100.7781 · ≤ 10.0.26100.7781
microsoft
windows 11 25h2
≤ 10.0.26200.7781 · ≤ 10.0.26200.7781
microsoft
windows server 2016
≤ 10.0.14393.8868
microsoft
windows server 2019
≤ 10.0.17763.8389
microsoft
windows server 2022
≤ 10.0.20348.4711
+2 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

CVE-2026-21519 is a local privilege escalation vulnerability exploitable by low-privileged attackers via type confusion in DWM, directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References