CVE-2026-32202

MediumCISA KEVActive Exploitation

Published: 14 April 2026

Published

14 April 2026

Modified

20 April 2026

KEV Added

—

Patch

—

CVSS Score 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Score 0.0719 91.6th percentile

Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.

Security Summary

CVE-2026-32202 is a protection mechanism failure in the Windows Shell that allows an unauthorized attacker to perform spoofing over a network. This vulnerability, associated with CWE-693, affects the Windows Shell component and was published on 2026-04-14 with a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating medium severity primarily due to low confidentiality impact.

The vulnerability can be exploited by an unauthorized attacker with network access and no required privileges, but it requires user interaction, such as clicking on a malicious link or resource. Successful exploitation enables spoofing attacks, allowing the attacker to impersonate legitimate entities or content viewed by the user, resulting in limited disclosure of sensitive information without impacting integrity or availability.

Microsoft's update guide provides details on mitigation for CVE-2026-32202 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202. Security practitioners should consult this advisory for patch availability and recommended remediation steps.

Details

CWE(s): CWE-693
KEV Date Added: See CISA KEV catalog

Affected Products

microsoft

windows 10 1607

≤ 10.0.14393.9060 · ≤ 10.0.14393.9060

microsoft

windows 10 1809

≤ 10.0.17763.8644 · ≤ 10.0.17763.8644

microsoft

windows 10 21h2

≤ 10.0.19044.7184 · ≤ 10.0.19044.7184 · ≤ 10.0.19044.7184

microsoft

windows 10 22h2

≤ 10.0.19045.7184 · ≤ 10.0.19045.7184 · ≤ 10.0.19045.7184

microsoft

windows 11 23h2

≤ 10.0.22631.6936 · ≤ 10.0.22631.6936

microsoft

windows 11 24h2

≤ 10.0.26100.8246 · ≤ 10.0.26100.8246

microsoft

windows 11 25h2

≤ 10.0.26200.8246 · ≤ 10.0.26200.8246

microsoft

windows 11 26h1

≤ 10.0.28000.1836 · ≤ 10.0.28000.1836

microsoft

windows server 2012

all versions, r2

microsoft

windows server 2016

≤ 10.0.14393.9060

+4 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1036 Masquerading Stealth

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.

attack.mitre.org →

Why these techniques?

The vulnerability enables spoofing attacks to impersonate legitimate entities or content in the Windows Shell, directly mapping to Masquerading (T1036).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
Vendor Advisory · secure@microsoft.com