CVE-2026-21519

HighCISA KEVActive Exploitation

Published: 10 February 2026

Published

10 February 2026

Modified

11 February 2026

KEV Added

10 February 2026

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0452 89.3th percentile

Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21519 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 10.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the type confusion vulnerability in Desktop Window Manager by requiring timely application of Microsoft patches as emphasized in the CVE analysis and CISA KEV catalog.

SI-16 Memory Protection partial match

prevent

Implements memory protections like ASLR, DEP, and CFG that mitigate exploitation of type confusion leading to local privilege escalation.

AC-6 Least Privilege partial match

prevent

Enforces least privilege for low-privilege local accounts, limiting the potential impact and scope of successful privilege escalation via the DWM vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE-2026-21519 is a local privilege escalation vulnerability exploitable by low-privileged attackers via type confusion in DWM, directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2026-21519 is a type confusion vulnerability (CWE-843), classified as an access of resource using incompatible type, affecting the Desktop Window Manager (DWM) component in Microsoft Windows. Published on February 10, 2026, it carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability when exploited.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation enables privilege escalation, potentially granting the attacker high-level access to the system, compromising sensitive data, modifying critical files, or disrupting system operations.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 provides details on patches and mitigation steps. The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519, confirming active exploitation in the wild and urging federal agencies to apply mitigations promptly.

Security practitioners should prioritize patching affected Windows systems, as real-world exploitation has been observed, emphasizing the need for immediate updates to DWM to prevent local privilege escalation attacks.

Details

CWE(s): CWE-843
KEV Date Added: 10 February 2026

Affected Products

microsoft

windows 10 1607

≤ 10.0.14393.8868 · ≤ 10.0.14393.8868

microsoft

windows 10 1809

≤ 10.0.17763.8389 · ≤ 10.0.17763.8389

microsoft

windows 10 21h2

≤ 10.0.19044.6937 · ≤ 10.0.19044.6937 · ≤ 10.0.19044.6937

microsoft

windows 10 22h2

≤ 10.0.19045.6937 · ≤ 10.0.19045.6937 · ≤ 10.0.19045.6937

microsoft

windows 11 23h2

≤ 10.0.22631.6649 · ≤ 10.0.22631.6649

microsoft

windows 11 24h2

≤ 10.0.26100.7781 · ≤ 10.0.26100.7781

microsoft

windows 11 25h2

≤ 10.0.26200.7781 · ≤ 10.0.26200.7781

microsoft

windows server 2016

≤ 10.0.14393.8868

microsoft

windows server 2019

≤ 10.0.17763.8389

microsoft

windows server 2022

≤ 10.0.20348.4711

+2 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-21533Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-20860Same product: Microsoft Windows 10 1607

CVE-2026-26162Same product: Microsoft Windows 10 1607

CVE-2025-62221Same product: Microsoft Windows 10 1809both on KEV

CVE-2025-62215Same product: Microsoft Windows 10 1809both on KEV

CVE-2025-21391Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-59230Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-24990Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-21418Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-20832Same product: Microsoft Windows 10 1607

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519
Vendor Advisory · secure@microsoft.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0