CVE-2026-21536
Published: 05 March 2026
Description
Microsoft Devices Pricing Program Remote Code Execution Vulnerability
Mitigating Controls (NIST 800-53 r5)
Directly addresses the RCE vulnerability in Microsoft Devices Pricing Program by requiring timely patching and flaw remediation as per MSRC guidance for CVE-2026-21536.
Identifies CVE-2026-21536 through vulnerability scanning and monitoring, enabling proactive remediation before remote exploitation.
Prevents unauthenticated remote attacks on the vulnerable service by enforcing boundary protections that restrict network access to the Microsoft Devices Pricing Program.
Security Summary
CVE-2026-21536 is a Remote Code Execution vulnerability in the Microsoft Devices Pricing Program. Published on 2026-03-05T23:16:18.447, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 and NVD-CWE-noinfo.
The vulnerability can be exploited remotely over the network by unauthenticated attackers, with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, allowing arbitrary code execution on affected systems.
Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21536.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2026-21536 is a network-accessible, unauthenticated RCE vulnerability in a Microsoft service, directly enabling exploitation of public-facing applications (T1190).