CVE-2026-32202

MediumCISA KEVActive Exploitation

Published: 14 April 2026

Published

14 April 2026

Modified

20 April 2026

KEV Added

—

Patch

—

CVSS Score 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Score 0.0789 92.1th percentile

Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32202 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Masquerading (T1036); ranked in the top 7.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Masquerading (T1036). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the protection mechanism failure in Windows Shell by applying Microsoft patches as referenced in the MSRC update guide.

SI-5 Security Alerts, Advisories, and Directives partial match

prevent

Ensures receipt and implementation of security alerts and advisories from Microsoft for timely mitigation of the Windows Shell spoofing vulnerability.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Detects unpatched systems vulnerable to CVE-2026-32202 via automated vulnerability scanning of the Windows Shell component.

MITRE ATT&CK Enterprise TechniquesAI

T1036 Masquerading Stealth

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.

attack.mitre.org →

Why these techniques?

The vulnerability enables spoofing attacks to impersonate legitimate entities or content in the Windows Shell, directly mapping to Masquerading (T1036).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Deeper analysisAI

CVE-2026-32202 is a protection mechanism failure in the Windows Shell that allows an unauthorized attacker to perform spoofing over a network. This vulnerability, associated with CWE-693, affects the Windows Shell component and was published on 2026-04-14 with a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating medium severity primarily due to low confidentiality impact.

The vulnerability can be exploited by an unauthorized attacker with network access and no required privileges, but it requires user interaction, such as clicking on a malicious link or resource. Successful exploitation enables spoofing attacks, allowing the attacker to impersonate legitimate entities or content viewed by the user, resulting in limited disclosure of sensitive information without impacting integrity or availability.

Microsoft's update guide provides details on mitigation for CVE-2026-32202 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202. Security practitioners should consult this advisory for patch availability and recommended remediation steps.

Details

CWE(s): CWE-693
KEV Date Added: See CISA KEV catalog

Affected Products

microsoft

windows 10 1607

≤ 10.0.14393.9060 · ≤ 10.0.14393.9060

microsoft

windows 10 1809

≤ 10.0.17763.8644 · ≤ 10.0.17763.8644

microsoft

windows 10 21h2

≤ 10.0.19044.7184 · ≤ 10.0.19044.7184 · ≤ 10.0.19044.7184

microsoft

windows 10 22h2

≤ 10.0.19045.7184 · ≤ 10.0.19045.7184 · ≤ 10.0.19045.7184

microsoft

windows 11 23h2

≤ 10.0.22631.6936 · ≤ 10.0.22631.6936

microsoft

windows 11 24h2

≤ 10.0.26100.8246 · ≤ 10.0.26100.8246

microsoft

windows 11 25h2

≤ 10.0.26200.8246 · ≤ 10.0.26200.8246

microsoft

windows 11 26h1

≤ 10.0.28000.1836 · ≤ 10.0.28000.1836

microsoft

windows server 2012

all versions, r2

microsoft

windows server 2016

≤ 10.0.14393.9060

+4 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-21510Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-21513Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-32225Same product: Microsoft Windows 10 1607

CVE-2026-21533Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-20805Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-21525Same product: Microsoft Windows 10 1607both on KEV

CVE-2026-21519Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-59230Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-24990Same product: Microsoft Windows 10 1607both on KEV

CVE-2025-24984Same product: Microsoft Windows 10 1607both on KEV

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
Vendor Advisory · secure@microsoft.com