CVE-2026-24291
Published: 10 March 2026
Summary
CVE-2026-24291 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 13.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-24291 involves incorrect permission assignment for a critical resource in the Windows Accessibility Infrastructure, specifically the ATBroker.exe component. This vulnerability, published on 2026-03-10, enables local privilege escalation and is rated with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It maps to CWE-732 (Incorrect Permission Assignment for Critical Resource).
A local attacker with low privileges (PR:L) can exploit this issue with low attack complexity and no user interaction. Exploitation requires only local access to the target system, allowing the attacker to elevate privileges and achieve high impacts on confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24291. Additional technical context is available in the RegPwn GitHub repository at https://github.com/mdsecactivebreach/RegPwn and the MDSec blog post at https://www.mdsec.co.uk/2026/03/rip-regpwn/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10614
Vulnerability details
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
- CWE(s): CWE-732 (Incorrect Permission Assignment for Critical Resource)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploitation for Privilege Escalation (T1068)
Why these techniques?
The vulnerability is a direct local privilege escalation via incorrect permissions on ATBroker.exe in the Windows Accessibility Infrastructure, which lets a low-privileged local user abuse the accessibility component to gain elevated privileges.
Affected Assets
- Microsoft Windows 10 21H2
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely remediation of the specific flaw in ATBroker.exe permissions to prevent local privilege escalation exploitation.
- AC-3 (Access Enforcement): Enforces approved access control policies on critical resources, directly countering incorrect permission assignments in Windows Accessibility Infrastructure.
- CM-6 (Configuration Settings): Establishes secure configuration settings for system components like ATBroker.exe to mitigate risks from misconfigured permissions.
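As an added defender-side check supporting the AC-3 and CM-6 controls above (example code written for this page, not from the advisory, MSRC, or the RegPwn repository): the page does not state which object carries the incorrect permission, so this PowerShell snippet audits the on-disk ATBroker.exe and its parent directory for write-class rights held by principals other than SYSTEM, Administrators and TrustedInstaller, and also reports an unexpected owner or a non-valid Authenticode signature. The file path and the list of principals treated as privileged are assumptions. Remediation of the CVE itself is the MSRC update (SI-2); this script only surfaces permission drift on the named component.

```powershell
# Added example (not from the advisory or Microsoft): audit ACLs on ATBroker.exe
# for write-class rights granted to non-privileged principals (CWE-732 pattern).
# Assumptions: the binary lives under $env:SystemRoot\System32, and the principals
# listed below are the only ones expected to hold write rights on OS binaries.

$Targets = @(
    (Join-Path $env:SystemRoot 'System32\ATBroker.exe'),
    (Join-Path $env:SystemRoot 'System32')   # parent directory: write here could allow replacing the binary
)

# Principals expected to hold write/modify rights on system binaries (local policy choice).
$PrivilegedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that let a caller change the file, delete it, or rewrite its ACL.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

function Get-WeakAce {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return
    }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Only Allow ACEs that grant at least one write-class right to a
        # non-privileged principal are reported.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        if ($PrivilegedPrincipals -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = foreach ($t in $Targets) { Get-WeakAce -Path $t }
if ($findings) {
    Write-Warning "Write-class rights held by non-privileged principals:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-class rights for non-privileged principals on the audited paths."
}

# Owner check: the owner can always rewrite the ACL, so an owner outside the
# privileged set is worth investigating even when the ACEs look clean.
foreach ($t in $Targets) {
    if (Test-Path -LiteralPath $t) {
        $owner = (Get-Acl -LiteralPath $t).Owner
        if ($PrivilegedPrincipals -notcontains $owner) {
            Write-Warning "$t is owned by $owner"
        }
    }
}

# Signature check: the shipped binary should carry a valid Microsoft signature
# (embedded or catalog-based). Anything else suggests tampering or replacement.
$binary = $Targets[0]
if (Test-Path -LiteralPath $binary) {
    $sig = Get-AuthenticodeSignature -FilePath $binary
    if ($sig.Status -ne 'Valid') {
        Write-Warning "ATBroker.exe signature status: $($sig.Status)"
    }
}
```

Run it from an elevated PowerShell session so that Get-Acl can read the full DACL. Pair the output with the installed-update state from the MSRC advisory linked above, since a clean ACL on the file does not by itself prove the system has the fix.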