Cyber Resilience

CVE-2026-32202

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 14 April 2026

Published
14 April 2026
Modified
26 May 2026
KEV Added
28 April 2026
Patch
CVSS Score v3.1 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score 0.6410 99.1th percentile
Risk Priority 100 floored blend · peak EPSS

Summary

CVE-2026-32202 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Masquerading (T1036); ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-32202 is a protection mechanism failure in the Windows Shell that allows an unauthorized attacker to perform spoofing over a network. This vulnerability, associated with CWE-693, affects the Windows Shell component and was published on 2026-04-14 with a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating medium severity primarily due to low confidentiality impact.

The vulnerability can be exploited by an unauthorized attacker with network access and no required privileges, but it requires user interaction, such as clicking on a malicious link or resource. Successful exploitation enables spoofing attacks, allowing the attacker to impersonate legitimate entities or content viewed by the user, resulting in limited disclosure of sensitive information without impacting integrity or availability.

Microsoft's update guide provides details on mitigation for CVE-2026-32202 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202. Security practitioners should consult this advisory for patch availability and recommended remediation steps.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

CWE(s)
KEV Date Added
28 April 2026

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1036 Masquerading Stealth
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.
Why these techniques?

The vulnerability enables spoofing attacks to impersonate legitimate entities or content in the Windows Shell, directly mapping to Masquerading (T1036).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21510Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21513Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-32225Same product: Microsoft Windows 10 1607
CVE-2026-21533Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-20805Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21525Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21519Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-24990Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-59230Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-21418Same product: Microsoft Windows 10 1607both on KEV

Affected Assets

microsoft
windows 10 1607
≤ 10.0.14393.9060 · ≤ 10.0.14393.9060
microsoft
windows 10 1809
≤ 10.0.17763.8644 · ≤ 10.0.17763.8644
microsoft
windows 10 21h2
≤ 10.0.19044.7184 · ≤ 10.0.19044.7184 · ≤ 10.0.19044.7184
microsoft
windows 10 22h2
≤ 10.0.19045.7184 · ≤ 10.0.19045.7184 · ≤ 10.0.19045.7184
microsoft
windows 11 23h2
≤ 10.0.22631.6936 · ≤ 10.0.22631.6936
microsoft
windows 11 24h2
≤ 10.0.26100.8246 · ≤ 10.0.26100.8246
microsoft
windows 11 25h2
≤ 10.0.26200.8246 · ≤ 10.0.26200.8246
microsoft
windows 11 26h1
≤ 10.0.28000.1836 · ≤ 10.0.28000.1836
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.9060
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the protection mechanism failure in Windows Shell by applying Microsoft patches as referenced in the MSRC update guide.

prevent

Ensures receipt and implementation of security alerts and advisories from Microsoft for timely mitigation of the Windows Shell spoofing vulnerability.

detect

Detects unpatched systems vulnerable to CVE-2026-32202 via automated vulnerability scanning of the Windows Shell component.

References