Cyber Posture

CVE-2026-21533

High · CISA KEV · Active Exploitation

Published: 10 February 2026

Modified: 30 March 2026
KEV Added: 10 February 2026
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2020 (95.5th percentile)
Risk Priority: 48 (60% EPSS · 20% KEV · 20% CVSS)

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the improper privilege management flaw in Windows Remote Desktop through timely patching as recommended by Microsoft and CISA KEV.

prevent

Enforces least privilege to minimize the privileges available for local escalation exploitation in the Remote Desktop component.

prevent

Manages accounts and privileges to prevent assignment of low-privilege accounts exploitable for local elevation via improper privilege management.

Security Summary · AI

CVE-2026-21533 is an improper privilege management vulnerability in Windows Remote Desktop that enables local privilege escalation. It affects the Windows Remote Desktop component and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-269 (Improper Privilege Management). The issue was published on 2026-02-10.

An authorized local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, effectively elevating the attacker's privileges on the affected system.

Microsoft's update guide at msrc.microsoft.com provides details on patching the vulnerability. Vicarius offers detection and mitigation scripts specifically for this privilege escalation issue in Windows Remote Desktop. The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

This CVE has seen real-world exploitation, as indicated by its inclusion in CISA's catalog, underscoring the need for immediate patching in environments using Windows Remote Desktop.

Details

CWE(s): CWE-269 (Improper Privilege Management)
KEV Date Added: 10 February 2026

Affected Products

microsoft windows 10 1607: ≤ 10.0.14393.8868
microsoft windows 10 1809: ≤ 10.0.17763.8389
microsoft windows 10 21h2: ≤ 10.0.19044.6937
microsoft windows 10 22h2: ≤ 10.0.19045.6937
microsoft windows 11 23h2: ≤ 10.0.22631.6649
microsoft windows 11 24h2: ≤ 10.0.26100.7781
microsoft windows 11 25h2: ≤ 10.0.26200.7781
microsoft windows server 2012: all versions, r2
microsoft windows server 2016: ≤ 10.0.14393.8868
microsoft windows server 2019: ≤ 10.0.17763.8389
+3 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE-2026-21533 is an improper privilege management vulnerability enabling local privilege escalation in Windows Remote Desktop, directly facilitating T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References