
CVE-2021-26411

Tags: High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 11 March 2021
Modified: 30 October 2025
KEV Added: 03 November 2021
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L)
EPSS Score: 0.9247 (99.7th percentile)
Risk Priority: 93 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-26411 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2021-26411 is a memory corruption vulnerability, specifically a use-after-free issue tracked under CWE-416, that affects Internet Explorer. It received a CVSS v3.1 base score of 8.8 with the vector string AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L, indicating a remotely exploitable flaw in the browser's handling of certain objects or resources.

An attacker can exploit the vulnerability by serving specially crafted web content that triggers the memory corruption condition when rendered in Internet Explorer. Successful exploitation corrupts memory within the browser process, which may lead to arbitrary code execution or other impacts; the changed scope metric (S:C) reflects potential effects beyond the immediate IE sandbox.

Microsoft published an advisory detailing the issue and available updates, while CISA lists the CVE in its catalog of known exploited vulnerabilities in the wild, confirming active targeting by adversaries. Security practitioners should prioritize applying the vendor patches referenced in the Microsoft Security Response Center guidance to address the flaw.


Vulnerability details

Title: Internet Explorer Memory Corruption Vulnerability
CWE(s): CWE-416 (Use After Free)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Edge: all versions
Microsoft Internet Explorer: 11, 9

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly requires applying the vendor patches Microsoft published for CVE-2021-26411 to eliminate the use-after-free flaw before exploitation.

SI-16 Memory Protection (prevent): Enforces memory-protection mechanisms (e.g., ASLR, DEP) that raise the difficulty of converting the CVE-2021-26411 memory corruption into reliable code execution.

Malicious-code protection (prevent, detect): Deploys malicious-code detection at the browser or host level to block or alert on web content crafted to trigger CVE-2021-26411.
