CVE-2026-21244
Published: 10 February 2026
Summary
CVE-2026-21244 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 11 23H2. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 38.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-21244 is a heap-based buffer overflow vulnerability (CWE-122, CWE-787) in the Windows Hyper-V hypervisor. Published on 2026-02-10, it has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and affects Windows systems utilizing the Hyper-V component for virtualization.
The vulnerability can be exploited by an authorized local attacker with low privileges, and user interaction is required to trigger it. Successful exploitation enables arbitrary code execution in the context of the Hyper-V process, with high impact on confidentiality, integrity, and availability.
Mitigation details, including available patches, are provided in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21244.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7320
Vulnerability details
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap buffer overflow in Hyper-V hypervisor directly enables local privilege escalation via arbitrary code execution in the hypervisor process context.
Mitigating Controls (NIST 800-53 r5)
Memory-protection mechanisms directly block exploitation of the heap-based buffer overflow (CWE-122/CWE-787) that enables local code execution inside the Hyper-V process.
Timely application of the vendor patch listed in the MSRC advisory eliminates the vulnerable Hyper-V code path before an authorized local attacker can trigger it.
Disabling or restricting the Hyper-V hypervisor feature on systems that do not require virtualization removes the attack surface entirely.