CVE-2026-21510

HighCISA KEVActive Exploitation

Published: 10 February 2026

Published

10 February 2026

Modified

11 February 2026

KEV Added

10 February 2026

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0404 88.6th percentile

Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21510 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 11.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly addresses the protection mechanism failure by requiring identification, reporting, and timely patching of flaws like CVE-2026-21510 as detailed in Microsoft's update guide.

SI-3 Malicious Code Protection good match

preventdetect

Mitigates exploitation of the Windows Shell bypass by deploying malicious code protection mechanisms to prevent and detect execution of attacker payloads delivered via malicious links or files.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables detection of systems vulnerable to CVE-2026-21510 through periodic vulnerability scanning, facilitating prioritization for remediation given its presence in CISA's KEV catalog.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

CVE-2026-21510 is a Windows Shell protection bypass exploited remotely with user interaction (malicious link/file), enabling arbitrary code execution, directly facilitating T1203 Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Deeper analysisAI

CVE-2026-21510 is a protection mechanism failure (CWE-693) in the Windows Shell, enabling an unauthorized attacker to bypass a security feature over a network. This vulnerability affects the Windows Shell component within Microsoft Windows operating systems. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of privilege requirements, and potential for significant impacts on confidentiality, integrity, and availability.

The attack scenario involves a remote, unauthenticated attacker who can exploit the flaw over the network, though it requires user interaction such as clicking a malicious link or opening a file. Upon successful exploitation, the attacker can bypass Windows Shell security protections, potentially leading to arbitrary code execution, data theft, system modification, or denial of service with high impact.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 details available patches and mitigation steps for affected systems. The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510, signaling real-world exploitation and urging federal agencies to apply mitigations promptly.

Details

CWE(s): CWE-693
KEV Date Added: 10 February 2026

Affected Products

microsoft

windows 10 1607

≤ 10.0.14393.8868 · ≤ 10.0.14393.8868

microsoft

windows 10 1809

≤ 10.0.17763.8389 · ≤ 10.0.17763.8389

microsoft

windows 10 21h2

≤ 10.0.19044.6937 · ≤ 10.0.19044.6937 · ≤ 10.0.19044.6937

microsoft

windows 10 22h2

≤ 10.0.19045.6937 · ≤ 10.0.19045.6937 · ≤ 10.0.19045.6937

microsoft

windows 11 23h2

≤ 10.0.22631.6649 · ≤ 10.0.22631.6649

microsoft

windows 11 24h2

≤ 10.0.26100.7781 · ≤ 10.0.26100.7781

microsoft

windows 11 25h2

≤ 10.0.26200.7781 · ≤ 10.0.26200.7781

microsoft

windows server 2012

all versions, r2

microsoft

windows server 2016

≤ 10.0.14393.8868

microsoft

windows server 2019

≤ 10.0.17763.8389

+3 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-21513Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-32202Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-21533Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-20805Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-21525Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-32225Same product: Microsoft Windows 10 1607

CVE-2026-21519Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-32157Same product: Microsoft Windows 10 1607

CVE-2025-59230Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-24990Same product: Microsoft Windows 10 1607both on KEV

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510
Vendor Advisory · secure@microsoft.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0