Cyber Resilience

CVE-2021-31166

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 11 May 2021
Modified: 30 October 2025
KEV Added: 06 April 2022
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9307 (99.8th percentile)
Risk Priority: 95 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-31166 is a critical-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 2004. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2021-31166 is a remote code execution vulnerability in the HTTP Protocol Stack (HTTP.sys), tracked under CWE-416 for use-after-free conditions. It carries a CVSS 3.1 base score of 9.8, reflecting a network attack vector, low attack complexity, and no privileges or user interaction required.

An unauthenticated remote attacker can send specially crafted HTTP requests to trigger the flaw, resulting in arbitrary code execution that impacts confidentiality, integrity, and availability on the affected system.

Microsoft's security advisory at portal.msrc.microsoft.com and the CISA Known Exploited Vulnerabilities catalog both reference this issue, directing administrators to apply the corresponding security updates for mitigation.

The entry's presence in the CISA catalog confirms observed real-world exploitation activity.

EU & UK References

Vulnerability details

HTTP Protocol Stack Remote Code Execution Vulnerability

CWE(s): CWE-416 (Use After Free)
KEV Date Added: 06 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product / Affected versions
microsoft / windows 10 2004 / ≤ 10.0.19041.982
microsoft / windows 10 20h2 / ≤ 10.0.19042.982
microsoft / windows server 2004 / ≤ 10.0.19041.982
microsoft / windows server 20h2 / ≤ 10.0.19042.982

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation)

Directly requires timely application of security updates to remediate the HTTP Protocol Stack use-after-free flaw before remote exploitation succeeds.

detect (RA-5, Vulnerability Monitoring and Scanning)

Requires vulnerability scanning to identify unpatched instances of CVE-2021-31166 on systems exposing the HTTP stack.

detect

Enables monitoring of network traffic and system behavior to detect crafted HTTP requests attempting to trigger the RCE flaw.

References