CVE-2021-26411
Published: 11 March 2021
Summary
CVE-2021-26411 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2021-26411 is a memory corruption vulnerability, specifically a use-after-free issue tracked under CWE-416, that affects Internet Explorer. It received a CVSS v3.1 base score of 8.8 with the vector string AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L, indicating a remotely exploitable flaw in the browser's handling of certain objects or resources.
An attacker can exploit the vulnerability by serving specially crafted web content that triggers the memory corruption condition when rendered in Internet Explorer. Successful exploitation allows the attacker to achieve altered memory state that may lead to arbitrary code execution or other impacts within the browser process, with the changed scope metric reflecting potential effects beyond the immediate IE sandbox.
Microsoft published an advisory detailing the issue and available updates, while CISA lists the CVE in its catalog of known exploited vulnerabilities in the wild, confirming active targeting by adversaries. Security practitioners should prioritize applying the vendor patches referenced in the Microsoft Security Response Center guidance to address the flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-13217
Vulnerability details
Internet Explorer Memory Corruption Vulnerability
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the vendor patches Microsoft published for CVE-2021-26411 to eliminate the use-after-free flaw before exploitation.
Enforces memory-protection mechanisms (e.g., ASLR, DEP) that raise the difficulty of converting the CVE-2021-26411 memory corruption into reliable code execution.
Deploys malicious-code detection at the browser or host level to block or alert on web content crafted to trigger CVE-2021-26411.