CVE-2026-21238
Published: 10 February 2026
Summary
CVE-2026-21238 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access to system resources, directly preventing unauthorized privilege escalation due to improper access control in the Windows Ancillary Function Driver for WinSock.
Implements a tamper-proof reference monitor to mediate all subject-object accesses, addressing the kernel driver's failure to properly enforce access control policies.
Employs least privilege to restrict low-privilege local attackers from gaining high-impact access even if the driver's improper controls are exploited.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local improper access control vulnerability in a Windows kernel driver directly enables exploitation for privilege escalation from low-privileged context to full system compromise.
NVD Description
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-21238 is an improper access control vulnerability (CWE-284) in the Windows Ancillary Function Driver for WinSock. Published on 2026-02-10T18:16:24.613, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects Windows systems where the driver is present.
The vulnerability enables a local attacker with low privileges to exploit improper access controls in the driver, resulting in privilege escalation. Successful exploitation grants the attacker high-impact access to confidentiality, integrity, and availability, potentially allowing full system compromise from an initial low-privilege position.
Mitigation details are available in the official advisory from the Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238.
Details
- CWE(s)