CVE-2026-21510

ENISA EUVD: EUVD-2026-7337 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 9 articles Published: 2026-02-10

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

4.96%

probability

This CVE has a 4.96% probability of being exploited in the next 30 days.

0% Top 89.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Functional

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

NVD

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Affected Products

Microsoft

Windows 10 Version 1607

10.0.14393.0

Microsoft

Windows 10 Version 1809

10.0.17763.0

Microsoft

Windows 10 Version 21H2

10.0.19044.0

Microsoft

Windows 10 Version 22H2

10.0.19045.0

Microsoft

Windows 11 version 22H3

10.0.22631.0

microsoft

windows 10 1607

microsoft

windows 10 1809

microsoft

windows 10 21h2

microsoft

windows 10 22h2

microsoft

windows 11 23h2

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows 10 Version 22H2

10.0.19045.0 <10.0.19045.6937

Microsoft

Windows 11 Version 24H2

10.0.26100.0 <10.0.26100.7840

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows 10 Version 1607

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.4773

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows 11 version 22H3

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows 11 Version 25H2

10.0.26200.0 <10.0.26200.7840

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows 11 version 26H1

10.0.28000.0 <10.0.28000.1575

Microsoft

Windows 10 Version 21H2

10.0.19044.0 <10.0.19044.6937

Microsoft

Windows 11 version 26H1

10.0.28000.0 <10.0.28000.1575

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows 10 Version 21H2

10.0.19044.0 <10.0.19044.6937

Microsoft

Windows 11 Version 23H2

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.2149

Microsoft

Windows 10 Version 22H2

10.0.19045.0 <10.0.19045.6937

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.2149

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows 10 Version 1607

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 10 Version 1809

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows 11 Version 24H2

10.0.26100.0 <10.0.26100.7840

Microsoft

Windows 11 Version 25H2

10.0.26200.0 <10.0.26200.7840

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.4773

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 10 Version 1809

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows 11 Version 23H2

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows 11 version 26H1

10.0.28000.0 <10.0.28000.1575

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows 11 version 22H3

10.0.22631.0 <10.0.22631.6649

Attack Intelligence

CWE-693 · Protection Mechanism Failure

Google Project Zero

Patched

Feb. 10, 2026

Reported by

Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team

Exploits & PoC

EpSiLoNPoInTOrI/EpSiLoNPoInTlnk

CVE-2026-21510 LNK generator PoC

1 2026-05-09

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510

vendor-advisory patch

Signal Intelligence

Confidenceⓘ

92%

EPSS 4.96%

CVSS v3.1 8.8

Mentions 9

Last Seen Mar 17, 2026

CNA Information

CNA Assigner

microsoft

CNA Title

Windows Shell Security Feature Bypass Vulnerability

Analyst Note

CVE-2026-21510 is confirmed as a zero-day with high credibility: it appears in Google Project Zero, is documented across multiple reputable security sources (Tenable, BleepingComputer, TheHackerNews, CISA), and was patched by Microsoft in their February 2026 Patch Tuesday addressing six actively exploited zero-days. The HIGH CVSS score (8.8) and protection mechanism bypass nature align with the serious threat level documented in security advisories.

Threat Actors 2

Ice Fog

apt_group Information theft and espionage 🇨🇳 CN

Nomad Panda

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atFeb 18, 2026

Published DateFeb 10, 2026