Cyber Resilience

CVE-2026-21251

High

Published: 10 February 2026

Published
10 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 12.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21251 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2016. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21251 is a use-after-free vulnerability (CWE-416) in the Windows Cluster Client Failover component. Published on 2026-02-10, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows privilege escalation on the affected Windows system, potentially granting the attacker higher-level access.

For mitigation details, refer to the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251.

EU & UK References

Vulnerability details

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in local Windows component directly enables local privilege escalation via exploitation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-41095Same product: Microsoft Windows Server 2016
CVE-2025-25008Same product: Microsoft Windows Server 2016
CVE-2026-20822Same product: Microsoft Windows Server 2016
CVE-2025-24046Same product: Microsoft Windows Server 2016
CVE-2026-33098Same product: Microsoft Windows Server 2016
CVE-2026-20923Same product: Microsoft Windows Server 2019
CVE-2025-62221Same product: Microsoft Windows Server 2019
CVE-2025-21367Same product: Microsoft Windows Server 2019
CVE-2026-20865Same product: Microsoft Windows Server 2019
CVE-2026-34338Same product: Microsoft Windows Server 2016

Affected Assets

microsoft
windows server 2016
≤ 10.0.14393.8868
microsoft
windows server 2019
≤ 10.0.17763.8389
microsoft
windows server 2022
≤ 10.0.20348.4711
microsoft
windows server 2022 23h2
≤ 10.0.25398.2149
microsoft
windows server 2025
≤ 10.0.26100.32313

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the use-after-free flaw in Windows Cluster Client Failover to eliminate the privilege escalation vulnerability.

prevent

Implements memory safeguards such as DEP and ASLR to protect against unauthorized code execution from use-after-free exploits.

prevent

Limits the privileges of local low-privilege accounts and processes to reduce the attack surface and impact of escalation attempts.

References